PT-2026-26407 · Openclaw · Openclaw
Tdjackey · Published 2026-03-03 · Updated 2026-03-20
CVE-2026-32026
CVSS v3.1: 8.6 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions: OpenClaw versions prior to 2026.2.24
Description: OpenClaw contains an improper path validation issue in sandbox media handling: absolute paths under the host temporary directory are accepted as trusted media inputs even when they lie outside the active sandboxRoot, so they bypass the sandbox boundary. An attacker can supply a malicious media reference pointing at such a path and have the file read and delivered through the attachment delivery mechanism, exfiltrating arbitrary files from the host temporary directory. The vulnerability affects confidentiality, in particular for deployments that rely on sandboxRoot as a strict local filesystem boundary.
Recommendations (versions prior to 2026.2.24):
Restrict sandbox temporary-path acceptance to OpenClaw-managed temp roots only.
Default SDK/extension temp helpers to OpenClaw-managed temp roots.
Add CI guardrails to prevent broad tmp-root regressions in messaging/channel code paths.
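The check described above, as an added illustration rather than OpenClaw's own code: the weak resolver trusts any absolute path under the host temp directory, while the hardened resolver accepts absolute paths only under sandboxRoot or an explicitly managed temp root. Paths, root names and the MediaPolicy shape are constructed for the example, and the containment test is lexical (a real implementation would also resolve symlinks before comparing).

```typescript
import * as path from "node:path";

// Constructed policy shape for this illustration (not an OpenClaw type).
interface MediaPolicy {
  sandboxRoot: string;       // strict filesystem boundary for the sandbox
  hostTmpRoot: string;       // the host's shared temp directory
  managedTmpRoots: string[]; // temp roots the application itself manages
}

// True when `candidate` equals `root` or lies beneath it (lexical check only).
function isWithin(root: string, candidate: string): boolean {
  const rel = path.relative(path.resolve(root), path.resolve(candidate));
  if (rel === "") return true;
  return rel !== ".." && !rel.startsWith(".." + path.sep) && !path.isAbsolute(rel);
}

// Relative references resolve under the sandbox; absolute ones are normalized.
function toAbsolute(ref: string, sandboxRoot: string): string {
  return path.isAbsolute(ref) ? path.normalize(ref) : path.resolve(sandboxRoot, ref);
}

// Weak pattern (the advisory's bug class): anything under the host temp root is
// trusted, so an absolute /tmp path outside sandboxRoot is still delivered.
function resolveMediaWeak(ref: string, p: MediaPolicy): string | null {
  const abs = toAbsolute(ref, p.sandboxRoot);
  if (isWithin(p.sandboxRoot, abs)) return abs;
  if (isWithin(p.hostTmpRoot, abs)) return abs; // the sandbox-root bypass
  return null;
}

// Hardened pattern: only sandboxRoot and application-managed temp roots are
// trusted; the broad host temp root is no longer an accepted origin.
function resolveMediaStrict(ref: string, p: MediaPolicy): string | null {
  const abs = toAbsolute(ref, p.sandboxRoot);
  const trustedRoots = [p.sandboxRoot, ...p.managedTmpRoots];
  return trustedRoots.some((root) => isWithin(root, abs)) ? abs : null;
}

// Constructed sample policy: a sandbox, the host /tmp, and one managed temp root.
const samplePolicy: MediaPolicy = {
  sandboxRoot: "/srv/openclaw/sandbox",
  hostTmpRoot: "/tmp",
  managedTmpRoots: ["/tmp/openclaw-media"],
};

// A reference to another service's file under /tmp: delivered by the weak
// resolver, rejected by the strict one.
const outsideRef = "/tmp/other-service/session.db";
console.log(resolveMediaWeak(outsideRef, samplePolicy), resolveMediaStrict(outsideRef, samplePolicy));
```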

Fix

Path traversal

Improper Access Control

Weakness Enumeration

Related Identifiers

CVE-2026-32026
GHSA-33HM-CQ8R-WC49

Affected Products

Openclaw