CVE-2026-32024

MEDIUM5.5EPSS 0.06%

OpenClaw's avatar symlink traversal can expose out-of-workspace local files

發布日:2026/3/3修改日:2026/3/20

描述

### Summary OpenClaw avatar handling allowed a symlink traversal path that could expose local files outside an agent workspace through gateway avatar surfaces. ### Affected Packages / Versions - Package: `openclaw` (npm) - Affected versions: `<= 2026.2.21`, plus prereleases `2026.2.21-1` and `2026.2.21-2` - Latest published version at triage time (2026-02-22): `2026.2.21-2` (affected) - Planned patched version (pre-set for release workflow): `2026.2.22` ### Details In vulnerable builds, local avatar resolution could follow symlinks and return file bytes from outside the configured workspace boundary. The issue was hardened in two paths: 1. Gateway avatar metadata resolution now enforces canonical containment, `O_NOFOLLOW`, and fd/file-identity checks. 2. Control UI avatar serving now rejects symlink paths and enforces fd/file-identity and size checks before reads. ### Fix Commit(s) - `3d0337504349954237d09e4d957df5cb844d5e77` - `6970c2c2db3ee069ef0fff0ade5cfbdd0134f9d2` ### Release Process Note `patched_versions` is pre-set to `>= 2026.2.22` so after npm release, the remaining action is to publish this advisory. ### Impact Confidentiality impact only: local files readable by the OpenClaw process could be disclosed via avatar response surfaces. OpenClaw thanks @tdjackey for reporting.

受影響套件(1)

CVSS 分數

來源版本嚴重程度向量
osvCVSS 4.0CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
osvCVSS 3.1MEDIUM5.5CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

參考連結(6)