CVE-2026-32903
Symlink Traversal in OpenClaw stageSandboxMedia Allows File Overwrite
Publication date: 2026-03-23
Last updated on: 2026-03-23
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| openclaw | openclaw | to 2026.3.2 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-59 | The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in OpenClaw versions before 2026.3.2 and involves a symlink traversal issue in the stageSandboxMedia component.
Attackers can exploit unvalidated destination paths during media or inbound writes to follow symbolic links (symlinks) and overwrite files outside the intended sandbox workspace.
This means that instead of restricting file writes to a safe sandbox area, the vulnerability allows attackers to overwrite arbitrary files on the host system.
How can this vulnerability impact me? :
The vulnerability can allow an attacker with limited privileges to overwrite important files outside the sandbox environment.
This can lead to integrity issues where critical system or application files are modified or replaced, potentially causing system instability, unauthorized code execution, or denial of service.
Since the vulnerability does not impact confidentiality but affects integrity and availability, it can disrupt normal operations or enable further attacks.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
I don't know
What immediate steps should I take to mitigate this vulnerability?
I don't know