PT-2026-24670 · Git+2 · Openclaw

Peyton Kennedy · Published 2026-02-19 · Updated 2026-03-17 · CVE-2026-32060

CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: OpenClaw versions prior to 2026.2.14
Description: OpenClaw versions before 2026.2.14 contain a path traversal flaw in the apply patch function. When apply patch is enabled without filesystem sandbox containment, attackers can supply crafted paths, either directory traversal sequences such as ../../... or absolute paths, to escape the workspace boundary and modify arbitrary files. The function's path resolution does not enforce workspace containment in non-sandboxed mode, so such inputs bypass the working directory. The impact depends on the deployment and on who can trigger tool execution; it is most relevant when tool invocation is exposed to less-trusted callers or when workspace-only containment is expected.
Recommendations (versions prior to 2026.2.14):
Keep tools.exec.applyPatch.enabled disabled if apply patch is not needed.
Keep tools.exec.applyPatch.workspaceOnly set to its secure default of true.
Restrict who can trigger tool execution and which tools are allowlisted.

Fix

Path traversal

Weakness Enumeration

Related Identifiers

CVE-2026-32060
GHSA-R5FQ-947M-XM57

Affected Products

Openclaw