CVE-2026-32017

Summary

OpenClaw versions prior to 2026.2.19 contain an allowlist bypass vulnerability in the exec safeBins policy that allows attackers to write arbitrary files using short-option payloads. Attackers can bypass argument validation by attaching short options like -o to whitelisted binaries, enabling unauthorized file-write operations that should be denied by safeBins checks.

Affected Software

VendorProductVersion RangeStatus
OpenClawOpenClaw0 < 2026.2.19affected
OpenClawOpenClaw2026.2.19unaffected

Weaknesses

  • CWE-184: CWE-184: Incomplete List of Disallowed Inputs

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References