CVE-2026-32026
Temporary path handling could write outside OpenClaw temp boundary
Description
### Summary Sandbox media local-path validation accepted absolute paths under host tmp, even when those paths were outside the active sandbox root. ### Affected Packages / Versions - Package: `openclaw` (npm) - Latest published version verified during triage: `2026.2.23` - Affected versions: `<= 2026.2.23` - Patched versions (planned next release): `>= 2026.2.24` ### Details In affected versions, sandbox media path resolution allowed absolute host tmp paths as trusted media inputs when they were under `os.tmpdir()`, without requiring that the path stay within the active `sandboxRoot`. Because outbound attachment hydration consumed these paths as already validated, this enabled out-of-sandbox host tmp file reads and exfiltration through attachment delivery. ### Impact - Confidentiality impact: high for deployments relying on `sandboxRoot` as a strict local filesystem boundary. - Practical impact: attacker-controlled media references could read and attach host tmp files outside the sandbox workspace boundary. ### Remediation - Restrict sandbox tmp-path acceptance to OpenClaw-managed temp roots only. - Default SDK/extension temp helpers to OpenClaw-managed temp roots. - Add CI guardrails to prevent broad tmp-root regressions in messaging/channel code paths. ### Fix Commit(s) - `d3da67c7a9b463edc1a9b1c1f7af107a34ca32f5` - `79a7b3d22ef92e36a4031093d80a0acb0d82f351` - `def993dbd843ff28f2b3bad5cc24603874ba9f1e` ### Release Process Note The advisory is pre-set with patched version `2026.2.24` so it is ready for publication once that npm release is available. OpenClaw thanks @tdjackey for reporting. ### Publication Update (2026-02-25) `[email protected]` is published on npm and contains the fix commit(s) listed above. This advisory now marks `>= 2026.2.24` as patched.
How to fix CVE-2026-32026
To remediate CVE-2026-32026, upgrade the affected package to a fixed version below.
- —upgrade to 2026.2.24 or later
Is CVE-2026-32026 being exploited?
Low — EPSS is 0.1%, meaning exploitation activity has not been observed at scale.