LeakyCreds

CVE-2026-32060 - Vulnerability Analysis

High | CVSS: 8.8

Last Updated: March 11, 2026

OpenClaw - Path Traversal

Published: March 11, 2026 | Updated: March 11, 2026 | Remote Exploitable

Overview

OpenClaw versions before 2026.2.14 contain a path traversal vulnerability caused by insufficient filesystem sandbox containment in apply_patch, which lets attackers write or delete files outside workspace boundaries. Exploitation requires apply_patch to be enabled without a sandbox.

Severity & Score

Severity: High
CVSS Score: 8.8
EPSS Score: 28.1% (Probability of exploitation in next 30 days)

Impact

Attackers can modify or delete arbitrary files outside the workspace, potentially compromising system integrity.

Mitigation

Update to version 2026.2.14 or later.

Social Media Activity (1 post)

TheHackerWire
@thehackerwire
Mar 11, 2026

🟠 CVE-2026-32060 - High (8.8) OpenClaw versions prior to 2026.2.14 contain a path traversal vulnerability in apply_patch that allows attackers to write or delete files outside the configured workspace directory. When apply_patch is enabled without filesystem sandbox containmen... 🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32060/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack


Details

CVE ID: CVE-2026-32060
Severity: High
CVSS Score: 8.8
Type: path_traversal
Status: new
EPSS: 28.1%
Social Posts: 1

CWE

  • CWE-22

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Score

28.1% (Probability of exploitation in the next 30 days)