CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-32015

OpenClaw versions 2026.1.21 prior to 2026.2.19 contain a path hijacking vulnerability in tools.exec.safeBins that allows attackers to bypass allowlist checks by controlling process PATH resolution. Attackers who can influence the gateway process PATH or launch environment can execute trojan binaries with allowlisted names, such as jq, circumventing executable validation controls.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 3.2%

CVSS Severity

CVSS v3 Score 7.8

References

Products affected by CVE-2026-32015

Openclaw » Openclaw » Version: 2026.1.111

cpe:2.3:a:openclaw:openclaw:2026.1.111
Openclaw » Openclaw » Version: 2026.1.112

cpe:2.3:a:openclaw:openclaw:2026.1.112
Openclaw » Openclaw » Version: 2026.1.113

cpe:2.3:a:openclaw:openclaw:2026.1.113
Openclaw » Openclaw » Version: 2026.1.122

cpe:2.3:a:openclaw:openclaw:2026.1.122
Openclaw » Openclaw » Version: 2026.1.141

cpe:2.3:a:openclaw:openclaw:2026.1.141
Openclaw » Openclaw » Version: 2026.1.162

cpe:2.3:a:openclaw:openclaw:2026.1.162
Openclaw » Openclaw » Version: 2026.1.21

cpe:2.3:a:openclaw:openclaw:2026.1.21
Openclaw » Openclaw » Version: 2026.1.21-1

cpe:2.3:a:openclaw:openclaw:2026.1.21-1
Openclaw » Openclaw » Version: 2026.1.21-2

cpe:2.3:a:openclaw:openclaw:2026.1.21-2
Openclaw » Openclaw » Version: 2026.1.22

cpe:2.3:a:openclaw:openclaw:2026.1.22
Openclaw » Openclaw » Version: 2026.1.23

cpe:2.3:a:openclaw:openclaw:2026.1.23
Openclaw » Openclaw » Version: 2026.1.23-1

cpe:2.3:a:openclaw:openclaw:2026.1.23-1
Openclaw » Openclaw » Version: 2026.1.24

cpe:2.3:a:openclaw:openclaw:2026.1.24
Openclaw » Openclaw » Version: 2026.1.24-1

cpe:2.3:a:openclaw:openclaw:2026.1.24-1
Openclaw » Openclaw » Version: 2026.1.24-2

cpe:2.3:a:openclaw:openclaw:2026.1.24-2
Openclaw » Openclaw » Version: 2026.1.24-3

cpe:2.3:a:openclaw:openclaw:2026.1.24-3
Openclaw » Openclaw » Version: 2026.1.241

cpe:2.3:a:openclaw:openclaw:2026.1.241
Openclaw » Openclaw » Version: 2026.1.29

cpe:2.3:a:openclaw:openclaw:2026.1.29
Openclaw » Openclaw » Version: 2026.1.30

cpe:2.3:a:openclaw:openclaw:2026.1.30
Openclaw » Openclaw » Version: 2026.1.51

cpe:2.3:a:openclaw:openclaw:2026.1.51
Openclaw » Openclaw » Version: 2026.1.52

cpe:2.3:a:openclaw:openclaw:2026.1.52
Openclaw » Openclaw » Version: 2026.1.53

cpe:2.3:a:openclaw:openclaw:2026.1.53
Openclaw » Openclaw » Version: 2026.2.0

cpe:2.3:a:openclaw:openclaw:2026.2.0
Openclaw » Openclaw » Version: 2026.2.1

cpe:2.3:a:openclaw:openclaw:2026.2.1
Openclaw » Openclaw » Version: 2026.2.12

cpe:2.3:a:openclaw:openclaw:2026.2.12
Openclaw » Openclaw » Version: 2026.2.13

cpe:2.3:a:openclaw:openclaw:2026.2.13
Openclaw » Openclaw » Version: 2026.2.14

cpe:2.3:a:openclaw:openclaw:2026.2.14
Openclaw » Openclaw » Version: 2026.2.15

cpe:2.3:a:openclaw:openclaw:2026.2.15
Openclaw » Openclaw » Version: 2026.2.17

cpe:2.3:a:openclaw:openclaw:2026.2.17
Openclaw » Openclaw » Version: 2026.2.17.2

cpe:2.3:a:openclaw:openclaw:2026.2.17.2
Openclaw » Openclaw » Version: 2026.2.2

cpe:2.3:a:openclaw:openclaw:2026.2.2
Openclaw » Openclaw » Version: 2026.2.2-1

cpe:2.3:a:openclaw:openclaw:2026.2.2-1
Openclaw » Openclaw » Version: 2026.2.2-2

cpe:2.3:a:openclaw:openclaw:2026.2.2-2
Openclaw » Openclaw » Version: 2026.2.2-3

cpe:2.3:a:openclaw:openclaw:2026.2.2-3
Openclaw » Openclaw » Version: 2026.2.3

cpe:2.3:a:openclaw:openclaw:2026.2.3
Openclaw » Openclaw » Version: 2026.2.3-1

cpe:2.3:a:openclaw:openclaw:2026.2.3-1
Openclaw » Openclaw » Version: 2026.2.6

cpe:2.3:a:openclaw:openclaw:2026.2.6
Openclaw » Openclaw » Version: 2026.2.6-1

cpe:2.3:a:openclaw:openclaw:2026.2.6-1
Openclaw » Openclaw » Version: 2026.2.6-2

cpe:2.3:a:openclaw:openclaw:2026.2.6-2
Openclaw » Openclaw » Version: 2026.2.6-3

cpe:2.3:a:openclaw:openclaw:2026.2.6-3
Openclaw » Openclaw » Version: 2026.2.9

cpe:2.3:a:openclaw:openclaw:2026.2.9

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-32015

Products

Pricing

Contact Us