Platform
nodejs
Component
openclaw
Fixed in
2026.2.26
CVE-2026-32055 describes a workspace boundary bypass vulnerability discovered in openclaw, a Node.js package. This flaw allows an attacker to create files outside the intended workspace by exploiting a weakness in symlink validation. Versions of openclaw prior to 2026.2.26 are affected, and a patch is available in version 2026.2.26.
The vulnerability stems from insufficient validation of symlink targets within the workspace-only path validation logic. An attacker can craft a scenario where an in-workspace symlink points to a non-existent file outside the workspace. Because the target does not exist at validation time, the check does not catch it, and the first write through the link creates the file at the out-of-workspace location. This could lead to arbitrary file writes, potentially overwriting critical system files or injecting malicious code. Successful exploitation could result in remote code execution, depending on the permissions of the process running openclaw and the location where the attacker can write files.
This vulnerability was publicly disclosed on March 12, 2026. There is currently no information about active exploitation campaigns or a public proof-of-concept. The vulnerability's impact depends heavily on the context of how openclaw is used within a project and the permissions of the running process. It is not currently listed on the CISA KEV catalog.
Node.js projects utilizing the openclaw package, particularly those with relaxed workspace access controls or relying on symlinks for file management, are at risk. Shared hosting environments where multiple projects share the same file system are also potentially vulnerable.
• nodejs / supply-chain: `npm list openclaw`
• nodejs / supply-chain: `npm audit`
• nodejs / supply-chain: `find node_modules -name "openclaw*" -type d -print0 | xargs -0 grep -ri "workspace boundary"`
Exploit status
EPSS
0.07% (22nd percentile)
CISA SSVC
CVSS vector
The primary mitigation is to upgrade to version 2026.2.26 or later of openclaw. If upgrading is not immediately feasible, consider implementing stricter workspace boundaries and access controls to limit the potential impact of a successful exploit. Review any existing symlink configurations within your project to identify potential vulnerabilities. A WAF rule is unlikely to apply to this class of flaw, but monitoring for unusual file creation outside the expected workspace directory can provide early detection. After upgrading, confirm the fix by attempting to create a symlink from within the workspace pointing to a non-existent file outside the workspace and verifying that the operation is denied.
Update OpenClaw to version 2026.2.26 or later. This version fixes the path traversal vulnerability that allows files to be written outside the workspace through symlinks.
CVE-2026-32055 is a HIGH severity vulnerability in the openclaw Node.js package allowing attackers to create files outside the intended workspace via symlink manipulation.
You are affected if you are using openclaw versions 2026.2.25 or earlier. Check your project dependencies to determine if you are using a vulnerable version.
Upgrade openclaw to version 2026.2.26 or later. This resolves the workspace boundary bypass vulnerability.
As of the last update, there are no known active exploits targeting CVE-2026-32055, but it's crucial to apply the patch proactively.
Refer to the openclaw project's repository and npm package page for the latest information and advisory regarding CVE-2026-32055.