Vulnerability DatabaseCVE-2026-32017
Mend.io Vulnerability Database
The largest open source vulnerability database
What is a Vulnerability ID?
New vulnerability? Tell us about it!
CVE-2026-32017
March 19, 2026
OpenClaw versions prior to 2026.2.19 contain an allowlist bypass vulnerability in the exec safeBins policy that allows attackers to write arbitrary files using short-option payloads. Attackers can bypass argument validation by attaching short options like -o to whitelisted binaries, enabling unauthorized file-write operations that should be denied by safeBins checks.
Affected Packages
openclaw (NPM):
Affected version(s) >=0.0.1 <2026.2.19
Fix Suggestion:
Update to version 2026.2.19
Related Resources (7)
https://github.com/openclaw/openclaw/security/advisories/GHSA-3x3x-h76w-hp98
https://github.com/openclaw/openclaw/commit/fec48a5006eab37c6a5821726ccaeec886486b13
https://nvd.nist.gov/vuln/detail/CVE-2026-32017
https://github.com/openclaw/openclaw/commit/cfe8457a0f4aae5324daec261d3b0aad1461a4bc
https://github.com/openclaw/openclaw/commit/bafdbb6f112409a65decd3d4e7350fbd637c7754
https://github.com/openclaw/openclaw
https://www.vulncheck.com/advisories/openclaw-arbitrary-file-write-via-short-option-bypass-in-exec-allowlist
Do you need more information?
Contact Us
CVSS v4
Base Score:
6
Attack Vector
NETWORK
Attack Complexity
LOW
Attack Requirements
PRESENT
Privileges Required
LOW
User Interaction
NONE
Vulnerable System Confidentiality
NONE
Vulnerable System Integrity
HIGH
Vulnerable System Availability
LOW
Subsequent System Confidentiality
NONE
Subsequent System Integrity
NONE
Subsequent System Availability
NONE
CVSS v3
Base Score:
5.9
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
NONE
Integrity
HIGH
Availability
LOW
Weakness Type (CWE)
Incomplete List of Disallowed Inputs
CWE-184
EPSS
Base Score:
0.04