Platform: nodejs
Component: openclaw
Fixed in: 2026.2.24
CVE-2026-32033 describes a file-system guard bypass vulnerability in OpenClaw. This flaw allows attackers to potentially read files outside the intended workspace boundary by exploiting a mismatch in path validation. The vulnerability affects versions prior to 2026.2.24 and has been resolved in that release. Users are advised to upgrade to the patched version to prevent unauthorized access.
The vulnerability stems from an issue where, when tools.fs.workspaceOnly=true, certain @-prefixed absolute paths could bypass boundary validation before canonicalization. This means an attacker could craft a malicious path, such as @/etc/passwd, that would be validated before the runtime normalized the prefix, potentially allowing access to sensitive files outside the intended workspace. This could lead to information disclosure, potentially exposing configuration files, credentials, or other sensitive data. The impact is mitigated by the trusted-user assumptions and non-default sandbox/tooling configurations of OpenClaw.
CVE-2026-32033 was published on 2026-03-03. There is currently no public proof-of-concept (POC) available. The EPSS score is pending evaluation. It is not currently listed on the CISA KEV catalog. Given the nature of the vulnerability and the relatively recent disclosure, active exploitation is currently unconfirmed.
Exploit Status
EPSS: 0.05% (17th percentile)
The primary mitigation for CVE-2026-32033 is to upgrade OpenClaw to version 2026.2.24 or later. If an immediate upgrade is not possible, consider reviewing and tightening the sandbox and tooling configurations to minimize the potential impact of this vulnerability. Specifically, ensure that tools.fs.workspaceOnly is enabled and that any custom tool paths are carefully validated. There are no specific WAF or proxy rules that can directly address this vulnerability, as it is a code-level flaw. After upgrading, confirm the fix by attempting to access files outside the intended workspace using an @-prefixed absolute path and verifying that access is denied.
Update OpenClaw to version 2026.2.24 or later. This version fixes the path traversal vulnerability by correctly validating @-prefixed paths within the workspace boundary.
CVE-2026-32033 is a vulnerability in OpenClaw where a file-system guard mismatch allows attackers to bypass validation using @-prefixed paths, potentially leading to unauthorized file access.
You are affected if you are using OpenClaw versions prior to 2026.2.24 and have tools.fs.workspaceOnly=true enabled.
Upgrade OpenClaw to version 2026.2.24 or later to resolve this vulnerability. Review and tighten sandbox/tooling configurations as a temporary workaround.
Currently, there is no confirmed active exploitation of CVE-2026-32033, but vigilance is advised.
Refer to the OpenClaw SECURITY.md file for details on this vulnerability and mitigation steps.