CVE-2026-32007
OpenClaw: Experimental apply_patch may bypass workspace-only checks in opt-in sandbox mounts (off by default)
Description
### Summary

In some opt-in sandbox configurations, the **experimental** `apply_patch` tool did not consistently apply workspace-only checks to mounted paths (for example `/agent/...`).

### Impact

This does **not** affect default installs. Default posture:

- `agents.defaults.sandbox.mode=off` (sandbox disabled by default)
- `tools.exec.applyPatch.enabled=false` (experimental tool disabled by default)

This behavior applies only when all of the following are enabled/configured:

- sandbox mode,
- experimental `apply_patch`,
- workspace-only expectations (`tools.fs.workspaceOnly=true` and/or `tools.exec.applyPatch.workspaceOnly=true`),
- and writable mounts outside workspace.

Under that opt-in setup, `apply_patch` operations could target mounted paths outside the workspace root.

### Affected Packages / Versions

- Package: `openclaw` (npm)
- Affected published versions: `<= 2026.2.22-2`
- Fixed in code on `main`: commit `6634030be31e1a1842967df046c2f2e47490e6bf`
- Patched release: `2026.2.23`

### Technical Details

In the sandbox path flow, `apply_patch` used `sandbox.bridge.resolvePath(...)` without applying the same workspace-root assertion used by other filesystem tools. The fix makes `apply_patch` follow the same workspace-only enforcement for sandbox-resolved paths (unless explicitly disabled with `tools.exec.applyPatch.workspaceOnly=false`).

### Fix Commit(s)

- `6634030be31e1a1842967df046c2f2e47490e6bf`

### Release Process Note

`patched_versions` is pre-set to the released version (`2026.2.23`). Patched in `2026.2.23` and published.

OpenClaw thanks @tdjackey for reporting.
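To illustrate the class of check the Technical Details describe, here is an added TypeScript example (not OpenClaw's code; `resolveSandboxPath`, `isWithinWorkspace`, `applyPatchTarget` and the mount table are hypothetical). It models a sandbox bridge with a writable `/agent` mount outside the workspace, and shows that resolving a path through the bridge alone lets `/agent/...` through, while the workspace-root assertion the other filesystem tools apply rejects it unless workspace-only enforcement is explicitly disabled.

```typescript
import * as path from "node:path";

// Constructed model of a sandbox bridge (hypothetical names, not OpenClaw's API):
// the workspace is mounted at one sandbox path, and an extra writable mount such
// as "/agent" maps to a host directory that lies OUTSIDE the workspace root.
interface SandboxMounts {
  workspaceRoot: string;                // host directory of the workspace
  workspaceMountPoint: string;          // sandbox path where it is mounted
  extraMounts: Record<string, string>;  // sandbox mount point -> host directory
}

const MOUNTS: SandboxMounts = {           // constructed sample configuration
  workspaceRoot: "/home/user/project",
  workspaceMountPoint: "/workspace",
  extraMounts: { "/agent": "/srv/agent-data" },
};

// Stand-in for bridge.resolvePath: map a sandbox path to a host path. It carries
// no policy, so "/agent/..." resolves to a host path outside the workspace.
function resolveSandboxPath(m: SandboxMounts, sandboxPath: string): string {
  const p = path.posix.normalize(sandboxPath);          // collapses "." and ".."
  const table = { ...m.extraMounts, [m.workspaceMountPoint]: m.workspaceRoot };
  for (const [mount, host] of Object.entries(table)) {
    if (p === mount || p.startsWith(mount + "/")) {
      return path.posix.join(host, path.posix.relative(mount, p));
    }
  }
  return p;                                              // not under any mount
}

// The workspace-root assertion the pre-fix apply_patch skipped. path.relative is
// used so that "/home/user/project-old" is not taken for a child of
// "/home/user/project", as a naive string-prefix test would do.
function isWithinWorkspace(hostPath: string, workspaceRoot: string): boolean {
  const rel = path.posix.relative(path.posix.resolve(workspaceRoot), path.posix.resolve(hostPath));
  return rel !== ".." && !rel.startsWith("../");
}

type PatchTarget = { ok: true; hostPath: string } | { ok: false; reason: string };

// Fixed flow: resolve through the bridge, then enforce workspace-only unless it
// was explicitly disabled (the page's tools.exec.applyPatch.workspaceOnly=false).
// Calling with workspaceOnly=false reproduces what the pre-fix path flow did.
function applyPatchTarget(m: SandboxMounts, sandboxPath: string, workspaceOnly: boolean): PatchTarget {
  const hostPath = resolveSandboxPath(m, sandboxPath);
  if (workspaceOnly && !isWithinWorkspace(hostPath, m.workspaceRoot)) {
    return { ok: false, reason: `${hostPath} is outside workspace root ${m.workspaceRoot}` };
  }
  return { ok: true, hostPath };
}
```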
How to remediate CVE-2026-32007
To remediate CVE-2026-32007, upgrade the affected package to the patched version listed below.
- Upgrade to 2026.2.23 or later
Is CVE-2026-32007 being exploited?
Low. The EPSS score is 0.1%, and no large-scale exploitation activity has currently been observed.
Affected packages (1)
- from 0, < 2026.2.23