CVE-2026-32033 in OpenClaw
Summary
by MITRE • 03/20/2026
OpenClaw versions prior to 2026.2.24 contain a path traversal vulnerability where @-prefixed absolute paths bypass workspace-only file-system boundary validation due to canonicalization mismatch. Attackers can exploit this by crafting @-prefixed paths like @/etc/passwd to read files outside the intended workspace boundary when tools.fs.workspaceOnly is enabled.
Analysis
by VulDB Data Team • 03/26/2026
The vulnerability identified as CVE-2026-32033 affects OpenClaw versions prior to 2026.2.24 and is a critical path traversal flaw that undermines the controls designed to restrict file system access to designated workspaces. It arises from a mismatch in how absolute paths are canonicalized and validated, creating a bypass that allows unauthorized access to system resources outside the intended workspace boundary. The flaw specifically concerns the tools.fs.workspaceOnly configuration parameter, which is intended to enforce strict file system access controls but fails to handle @-prefixed absolute paths correctly, a form commonly used in file system operations and security contexts.
The technical root cause is a canonicalization mismatch: the system processes @-prefixed absolute paths through a different validation pathway than standard absolute paths. When a tool encounters a path starting with @ followed by an absolute path such as /etc/passwd, the canonicalization step does not normalize it to the expected workspace-boundary form. The path therefore appears to lie within the workspace during validation but resolves to an absolute system path when the file operation is actually performed. In effect, the validation logic accepts the @-prefixed path as legitimate while the execution logic resolves it to a system-level path, circumventing the intended workspace restriction.
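The mismatch described above, modelled as an added example (hypothetical Python, not OpenClaw's code; the "@" stripping convention, the workspace path and the file names are assumptions): the vulnerable check canonicalizes the raw @-prefixed string, the execution layer canonicalizes the stripped string, and the hardened check validates exactly the path that will be opened.

```python
import os

# Constructed sample workspace; not OpenClaw's real layout.
WORKSPACE = "/srv/workspace"


def strip_at(path: str) -> str:
    """Assumed tool convention: a leading '@' marks a file reference and is
    removed before the path is opened."""
    return path[1:] if path.startswith("@") else path


def target_path(path: str) -> str:
    """What the (hypothetical) execution layer actually opens.
    os.path.join discards WORKSPACE when the stripped path is absolute."""
    return os.path.normpath(os.path.join(WORKSPACE, strip_at(path)))


def vulnerable_check(path: str) -> bool:
    """Boundary check on the raw string, '@' still attached.
    '@/etc/passwd' is not absolute, so it lands under WORKSPACE and passes,
    even though target_path() will later open /etc/passwd."""
    candidate = os.path.normpath(os.path.join(WORKSPACE, path))
    return candidate == WORKSPACE or candidate.startswith(WORKSPACE + os.sep)


def hardened_check(path: str) -> bool:
    """Boundary check on the same canonical form the execution layer uses.
    normpath keeps this example filesystem-independent; a real implementation
    would use os.path.realpath on both sides so symlinks are covered too."""
    candidate = target_path(path)
    return os.path.commonpath([WORKSPACE, candidate]) == WORKSPACE


def evaluate(path: str) -> dict:
    """Summarise, for one requested path, what would be opened and whether
    each check lets it through."""
    return {
        "opens": target_path(path),
        "vulnerable_allows": vulnerable_check(path),
        "hardened_allows": hardened_check(path),
    }


if __name__ == "__main__":
    # Plain '../' traversal is caught by both checks; only the '@' form
    # slips past the vulnerable one.
    for p in ("notes/todo.md", "@notes/todo.md", "../../etc/passwd", "@/etc/passwd"):
        print(p, evaluate(p))
```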
The operational impact of this vulnerability extends beyond simple unauthorized file access, as it provides attackers with the capability to read sensitive system files and potentially extract confidential information from critical system locations. The ability to traverse outside the workspace boundary using @-prefixed paths enables attackers to access configuration files, credential stores, system logs, and other sensitive data that should remain isolated within the workspace environment. This vulnerability is particularly concerning because it operates silently without requiring elevated privileges or specific user interactions, making it a stealthy method for information extraction that could be used in reconnaissance phases of larger attacks. The implications are especially severe in environments where multiple users or processes share the same system while maintaining isolated workspace boundaries.
Security controls that rely on workspace-only file system validation become ineffective against this attack vector, rendering the tools.fs.workspaceOnly enforcement mechanism vulnerable to manipulation. The vulnerability aligns with CWE-22 Path Traversal and follows patterns commonly associated with path normalization and validation bypass techniques. From an adversarial perspective, this vulnerability maps to ATT&CK technique T1059 Command and Scripting Interpreter where attackers can leverage the path traversal to execute commands through file system access, and potentially to T1566 Phishing with Malicious Attachments where crafted paths could be used in malicious file delivery mechanisms. Organizations should implement immediate mitigations including upgrading to OpenClaw 2026.2.24 or later versions that address the canonicalization mismatch, implementing additional path validation layers, and monitoring for suspicious @-prefixed path usage patterns in system logs. The vulnerability highlights the importance of consistent canonicalization processes and proper input validation across all system components that handle file system paths, particularly in security-sensitive applications where boundary enforcement is critical for maintaining system integrity and data confidentiality.