Platform
nodejs
Component
openclaw
Fixed in
2026.2.26
CVE-2026-32055 describes a workspace boundary bypass vulnerability discovered in openclaw, a Node.js package. This flaw allows an attacker to create files outside the intended workspace by exploiting a weakness in symlink validation. Versions of openclaw prior to 2026.2.26 are affected, and a patch is available in version 2026.2.26.
The vulnerability stems from insufficient validation of symlinks within the workspace. An attacker who can place a symlink inside the workspace points it at a path outside the workspace that does not yet exist. When a write is performed through that symlink, the containment check fails to resolve the link to its real target: a typical cause is a check built on realpath, which cannot canonicalise a path whose target does not exist and falls back to the lexical path, which still appears to lie inside the workspace. The write is therefore allowed and a file is created outside the workspace boundary, with content the attacker influences. Planting such a file in a sensitive location, for example a configuration or startup directory, can enable privilege escalation or data exfiltration, and the impact grows with the filesystem permissions of the process running openclaw.
This vulnerability was publicly disclosed on 2026-03-12. Currently, there are no known public exploits or active campaigns targeting it, and it has not been added to CISA's Known Exploited Vulnerabilities (KEV) catalog. Exploitation requires the ability to place a symlink in the workspace and to trigger a write through it, which suggests a moderate level of attacker skill.
Exploit Status
EPSS
0.07% (22nd percentile)
CISA SSVC
CVSS Vector
The primary mitigation is to upgrade openclaw to version 2026.2.26 or later. If upgrading is not immediately feasible, tighten workspace access controls so that a write outside the workspace has less reach: run openclaw as a low-privilege user whose write access is limited to the workspace, and review the workspace for symlinks, removing or rejecting any whose target (including a target that does not yet exist) lies outside it. A WAF does not help here: the symlink lives on the filesystem rather than in a request, so there is nothing at the HTTP layer to match. Monitor filesystem activity for file creations outside the workspace by the openclaw process. After upgrading, verify the fix by placing a symlink in the workspace that points to a non-existent path outside it and performing a write through that symlink; the operation should be denied and no file should appear at the target.
Update OpenClaw to version 2026.2.26 or later. This version fixes the path traversal vulnerability that allows files to be written outside the workspace through symlinks.
CVE-2026-32055 is a HIGH severity vulnerability in the openclaw Node.js package allowing attackers to create files outside the intended workspace via symlink manipulation.
You are affected if you are using openclaw version 2026.2.25 or earlier, that is, any release before 2026.2.26. Check your lockfile, or run npm ls openclaw, to determine which version your project resolves.
Upgrade openclaw to version 2026.2.26 or later. This resolves the workspace boundary bypass vulnerability.
As of the last update, there are no known active exploits targeting CVE-2026-32055, but it's crucial to apply the patch proactively.
Refer to the openclaw project's repository and npm package page for the latest information and advisory regarding CVE-2026-32055.