{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-32015", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "state": "PUBLISHED", "assignerShortName": "VulnCheck", "dateReserved": "2026-03-10T19:48:38.210Z", "datePublished": "2026-03-19T22:06:52.761Z", "dateUpdated": "2026-03-19T22:06:52.761Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2026-03-19T22:06:52.761Z"}, "title": "OpenClaw 2026.1.21 < 2026.2.19 - PATH Hijacking Bypass in tools.exec.safeBins Allowlist Validation", "descriptions": [{"lang": "en", "value": "OpenClaw versions 2026.1.21 prior to 2026.2.19 contain a path hijacking vulnerability in tools.exec.safeBins that allows attackers to bypass allowlist checks by controlling process PATH resolution. Attackers who can influence the gateway process PATH or launch environment can execute trojan binaries with allowlisted names, such as jq, circumventing executable validation controls."}], "tags": ["x_open-source"], "datePublic": "2026-02-21T00:00:00.000Z", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-426", "description": "CWE-426: Untrusted Search Path", "type": "CWE"}]}], "affected": [{"vendor": "OpenClaw", "product": "OpenClaw", "defaultStatus": "unaffected", "packageURL": "pkg:npm/openclaw", "versions": [{"version": "2026.1.21", "status": "affected", "versionType": "semver", "lessThan": "2026.2.19"}, {"version": "2026.2.19", "status": "unaffected", "versionType": "semver"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*", "versionStartIncluding": "2026.1.21", "versionEndExcluding": "2026.2.19"}]}]}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV4_0": {"attackVector": "LOCAL", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "privilegesRequired": "LOW", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "subIntegrityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "version": "4.0", "baseSeverity": "HIGH", "baseScore": 7.3, "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"}}, {"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"attackVector": "LOCAL", "attackComplexity": "HIGH", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "version": "3.1", "baseSeverity": "HIGH", "baseScore": 7, "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"}}], "references": [{"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-g75x-8qqm-2vxp", "name": "GitHub Security Advisory (GHSA-g75x-8qqm-2vxp)", "tags": ["third-party-advisory"]}, {"url": "https://github.com/openclaw/openclaw/commit/28bac46c92069dc728524fbf383024c1b64e5c23", "name": "Patch Commit", "tags": ["patch"]}, {"name": "VulnCheck Advisory: OpenClaw 2026.1.21 < 2026.2.19 - PATH Hijacking Bypass in tools.exec.safeBins Allowlist Validation", "tags": ["third-party-advisory"], "url": "https://www.vulncheck.com/advisories/openclaw-path-hijacking-bypass-in-tools-exec-safebins-allowlist-validation"}], "credits": [{"lang": "en", "value": "Adnan Jakati (@jackhax)", "type": "reporter"}], "x_generator": {"engine": "vulncheck"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "OpenClaw versions 2026.1.21 prior to 2026.2.19 contain a path hijacking vulnerability in tools.exec.safeBins that allows attackers to bypass allowlist checks by controlling process PATH resolution. Attackers who can influence the gateway process PATH or launch environment can execute trojan binaries with allowlisted names, such as jq, circumventing executable validation controls."}], "id": "CVE-2026-32015", "lastModified": "2026-03-20T13:39:46.493", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.0, "impactScore": 5.9, "source": "disclosure@vulncheck.com", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "attackVector": "LOCAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "disclosure@vulncheck.com", "type": "Secondary"}]}, "published": "2026-03-19T22:16:34.810", "references": [{"source": "disclosure@vulncheck.com", "url": "https://github.com/openclaw/openclaw/commit/28bac46c92069dc728524fbf383024c1b64e5c23"}, {"source": "disclosure@vulncheck.com", "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-g75x-8qqm-2vxp"}, {"source": "disclosure@vulncheck.com", "url": "https://www.vulncheck.com/advisories/openclaw-path-hijacking-bypass-in-tools-exec-safebins-allowlist-validation"}], "sourceIdentifier": "disclosure@vulncheck.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-426"}], "source": "disclosure@vulncheck.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[2026.1.21,2026.2.19)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "2026.2.19"}}], "enrichment": {"confidence": 90.0, "confidence_source": "inferred", "scores": [{"score": 90.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "OpenClaw", "source": "cna", "vendor": "OpenClaw"}, "product": "openclaw", "vendor": "openclaw"}], "analysis": {"en": {"generated_at": "2026-03-19T23:23:20.052481+00:00", "value": {"mitigation_remediation": ["Apply the official patch by upgrading OpenClaw to version 2026.2.19 or later.", "Restrict the PATH environment of the gateway process to only trusted directories and remove any user\u2011modifiable paths.", "Audit the file system for unexpected binaries that match allowlisted names such as jq and take remediation action if found.", "If upgrade is delayed, disable or limit execution of allowlisted binaries from untrusted directories as a temporary containment measure."], "summary": {"action": "Immediate Patch", "impact": "Remote Code Execution via Path Hijacking"}, "threat_synthesis": {"affected_systems": "The affected vendor is OpenClaw. All versions of OpenClaw prior to 2026.2.19, specifically 2026.1.21 and earlier versions up to but not including 2026.2.19, are vulnerable. No specific patch or fixed version number is provided in the CNA data, but the advisory indicates the issue is resolved in 2026.2.19.", "description_and_impact": "OpenClaw versions 2026.1.21 through 2026.2.18 contain a path hijacking flaw in the tools.exec.safeBins module that bypasses allowlist validation by manipulating the process PATH. Attackers who can influence the gateway process PATH or its launch environment can execute malicious binaries that share an allowlisted name, such as jq, thereby executing arbitrary code in the context of the gateway process. This flaw represents a Remote Code Execution risk tied to CWE-426, compromising confidentiality, integrity, and availability of affected systems.", "risk_and_exploitability": "The CVSS score of 7.3 indicates a High severity vulnerability. The EPSS score is not available, and the vulnerability is not listed in the CISA KEV catalog, suggesting no known widespread exploitation yet. Exploitation requires the attacker to affect the PATH environment of the gateway process, which usually implies local access or the ability to influence process launch parameters. If an attacker can set PATH to a directory under their control, they can launch trojan binaries with allowlisted names, defeating the validation controls. The vulnerability therefore poses a significant risk to environments where PATH is not tightly restricted."}}}}, "created": "2026-03-20T08:55:09.106085+00:00", "updated": "2026-03-20T11:05:30.596417+00:00", "vendors": ["openclaw", "openclaw$PRODUCT$openclaw"]}