Moderate severity · NVD Advisory · Published Mar 21, 2026 · Updated Mar 23, 2026
OpenClaw < 2026.2.25 - Time-of-Check-Time-of-Use via Mutable Symlink in system.run cwd Parameter
CVE-2026-32043
Description
OpenClaw versions prior to 2026.2.25 contain a time-of-check/time-of-use (TOCTOU) vulnerability in approval-bound system.run execution: the cwd parameter is validated at approval time but only resolved at execution time. An attacker who controls a symlinked cwd can retarget it between approval and execution to bypass command execution restrictions and execute arbitrary commands on node hosts.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| openclaw (npm) | < 2026.2.25 | 2026.2.25 |
References
- github.com/openclaw/openclaw/commit/f789f880c934caa8be25b38832f27f90f37903db (patch)
- github.com/advisories/GHSA-mwcg-wfq3-4gjc (advisory)
- github.com/openclaw/openclaw/security/advisories/GHSA-mwcg-wfq3-4gjc (third-party advisory)
- nvd.nist.gov/vuln/detail/CVE-2026-32043 (advisory)
- www.vulncheck.com/advisories/openclaw-time-of-check-time-of-use-via-mutable-symlink-in-system-run-cwd-parameter (third-party advisory)