CVE-2026-32015

Name of the Vulnerable Software and Affected Versions OpenClaw versions 2026.1.21 through 2026.2.18

Description The tools.exec.safeBins component contains a flaw where allowlist checks can be bypassed through path hijacking. This allows attackers to execute trojan binaries with allowlisted names, such as jq, circumventing executable validation controls. Attackers can exploit this issue by influencing the process PATH or launch environment. The vulnerable component is tools.exec.safeBins. The issue arises because the validation process previously accepted a resolved executable path based on the executable name and argument shape, without enforcing trusted executable directories.

Recommendations OpenClaw versions 2026.1.21 through 2026.2.18 should be updated to version 2026.2.19 or later.