CVE-2026-32903

CVSS v3.1

6.1

Medium

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L

OpenClaw before 2026.3.2 contains a symlink traversal vulnerability in stageSandboxMedia that allows attackers to overwrite files outside the sandbox workspace. Attackers can exploit unvalidated destination paths in media/inbound writes to follow symlinks and overwrite host files beyond intended sandbox boundaries.

Fix

Link Following

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-59

Related Identifiers

CVE-2026-32903

Affected Products

Openclaw

CVE-2026-32903

Weakness Enumeration

Related Identifiers

Affected Products

References · 4