High severityNVD Advisory· Published Mar 19, 2026· Updated Mar 21, 2026
OpenClaw < 2026.2.24 - Binary Hijacking via Static Default Trusted Directories in safeBins
CVE-2026-32009
Description
OpenClaw versions prior to 2026.2.24 contain a policy bypass vulnerability in the safeBins allowlist evaluation that trusts static default directories including writable package-manager paths like /opt/homebrew/bin and /usr/local/bin. An attacker with write access to these trusted directories can place a malicious binary with the same name as an allowed executable to achieve arbitrary command execution within the OpenClaw runtime context.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
openclawnpm | < 2026.2.24 | 2026.2.24 |
Affected products
2Patches
Vulnerability mechanics
References
5- github.com/openclaw/openclaw/commit/b67e600bff696ff2ed9b470826590c0ce6b3bb0aghsapatchWEB
- github.com/advisories/GHSA-5gj7-jf77-q2q2ghsaADVISORY
- github.com/openclaw/openclaw/security/advisories/GHSA-5gj7-jf77-q2q2ghsathird-party-advisoryWEB
- nvd.nist.gov/vuln/detail/CVE-2026-32009ghsaADVISORY
- www.vulncheck.com/advisories/openclaw-binary-hijacking-via-static-default-trusted-directories-in-safebinsghsathird-party-advisoryWEB
News mentions
0No linked articles in our index yet.