Platform: nodejs
Component: openclaw
Fixed in: 2026.2.24
CVE-2026-32033 describes a file-system guard bypass vulnerability in OpenClaw. This flaw allows attackers to potentially read files outside the intended workspace boundary when tools.fs.workspaceOnly=true. The vulnerability affects versions prior to 2026.2.24 and has been addressed in that release. Users are advised to upgrade to the patched version to prevent potential unauthorized access.
The vulnerability stems from an inconsistency in how OpenClaw handles absolute paths prefixed with @ when tools.fs.workspaceOnly=true. The validation occurs before canonicalization, allowing paths like @/etc/passwd to bypass boundary checks. This can lead to unauthorized file reads outside the intended workspace, potentially exposing sensitive information. While OpenClaw is designed for trusted-user environments, this bypass represents a significant security risk if the sandbox/tooling configurations are not properly implemented. The potential impact includes data breaches and compromise of the system's integrity, particularly if the workspace contains sensitive data or configuration files.
CVE-2026-32033 was publicly disclosed on 2026-03-03. There is currently no indication of active exploitation or a KEV listing. Public proof-of-concept (PoC) code is not yet available, but the vulnerability's nature suggests it could be relatively straightforward to exploit once a PoC is developed. The EPSS score is pending evaluation.
Users who have enabled tools.fs.workspaceOnly=true in their OpenClaw configuration and are running versions prior to 2026.2.24 are at increased risk. This includes developers and users who rely on OpenClaw for personal-assistant runtime tasks and have configured it with non-default sandbox/tooling settings.
• nodejs: Monitor OpenClaw process arguments for suspicious @-prefixed absolute paths. Use ps aux | grep claw to identify running processes and examine their command-line arguments for patterns like @/etc/passwd.
  ps aux | grep claw | grep '@'
• generic web: Examine access logs for requests containing @-prefixed absolute paths. Look for patterns like /tools/some_tool?path=@/etc/passwd.
  grep '@/etc/passwd' /var/log/apache2/access.log
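A literal grep for @/etc/passwd misses the same request once the parameter is URL-encoded (%40%2Fetc%2Fpasswd) or targets a different file. The scanner below, an added example that is not part of the advisory or of OpenClaw, percent-decodes each query parameter before testing for an @-prefixed absolute path and goes beyond the single pattern above. The log lines are constructed, and the endpoint /tools/read_file with a path parameter is an assumption about how such a tool might be called.

```javascript
// Added example: flag access-log requests whose decoded query parameters
// carry an "@"-prefixed absolute path. Not OpenClaw code; log lines are
// constructed and the endpoint/parameter names are assumptions.

const SAMPLE_ACCESS_LOG = [
  '10.0.0.5 - - [03/Mar/2026:10:00:01 +0000] "GET /tools/read_file?path=notes%2Ftodo.md HTTP/1.1" 200 512',
  '10.0.0.9 - - [03/Mar/2026:10:00:07 +0000] "GET /tools/read_file?path=@/etc/passwd HTTP/1.1" 200 2048',
  '10.0.0.9 - - [03/Mar/2026:10:00:09 +0000] "GET /tools/read_file?path=%40%2Fetc%2Fshadow HTTP/1.1" 403 0',
  '10.0.0.7 - - [03/Mar/2026:10:00:12 +0000] "POST /tools/write_file HTTP/1.1" 201 0',
].join("\n");

// The quoted request part of a Common Log Format line: method, URL, version.
const REQUEST_RE = /"(\w+) (\S+) HTTP\/[\d.]+"/;

// "@" followed by a POSIX absolute path or a Windows drive-letter path.
const AT_ABSOLUTE_RE = /^@([\/\\]|[A-Za-z]:[\/\\])/;

// True when any query parameter value, after percent-decoding, is an
// "@"-prefixed absolute path. URLSearchParams does the decoding for us.
function hasAtPrefixedAbsolutePath(url) {
  const qIdx = url.indexOf("?");
  if (qIdx === -1) return false;
  const params = new URLSearchParams(url.slice(qIdx + 1));
  for (const [, value] of params) {
    if (AT_ABSOLUTE_RE.test(value)) return true;
  }
  return false;
}

// Scan a whole log text and return the offending requests for triage.
function findSuspiciousRequests(logText) {
  const hits = [];
  for (const line of logText.split("\n")) {
    const m = REQUEST_RE.exec(line);
    if (!m) continue;
    const method = m[1];
    const url = m[2];
    if (!hasAtPrefixedAbsolutePath(url)) continue;
    hits.push({ client: line.split(" ")[0], method, url });
  }
  return hits;
}

module.exports = { SAMPLE_ACCESS_LOG, hasAtPrefixedAbsolutePath, findSuspiciousRequests };
```

Running findSuspiciousRequests over the sample flags the two requests from 10.0.0.9 (the plain and the encoded form) and ignores the benign relative path. Parameters sent in a POST body are not in the access log, so this check complements, rather than replaces, the application-level guard.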
Exploit status:
EPSS: 0.05% (17th percentile)
CISA SSVC:
CVSS vector:
The primary mitigation for CVE-2026-32033 is to upgrade OpenClaw to version 2026.2.24 or later. If upgrading is not immediately feasible, consider temporarily disabling the tools.fs.workspaceOnly setting, although this reduces the security posture. Review and strengthen sandbox/tooling configurations to ensure proper boundary enforcement. Monitor file system access logs for suspicious activity, particularly attempts to access files outside the expected workspace. There are no specific WAF or proxy rules that directly address this vulnerability, as it's a code-level issue.
Upgrade OpenClaw to version 2026.2.24 or later. This release fixes the path traversal vulnerability by correctly validating @-prefixed paths against the workspace boundary.
CVE-2026-32033 is a vulnerability in OpenClaw where a file-system guard mismatch allows attackers to bypass validation using @-prefixed paths, potentially leading to unauthorized file access.
You are affected if you are using OpenClaw versions prior to 2026.2.24 and have tools.fs.workspaceOnly=true enabled.
Upgrade OpenClaw to version 2026.2.24 or later to resolve this vulnerability. Review and tighten sandbox/tooling configurations as a temporary workaround.
Currently, there is no confirmed active exploitation of CVE-2026-32033, but vigilance is advised.
Refer to the OpenClaw SECURITY.md file for details on this vulnerability and mitigation steps.