CVE-2026-32043

Description

### Summary In `[email protected]`, approval-bound `system.run` on node hosts could be influenced by mutable symlink `cwd` targets between approval and execution. ### Details Approval matching on the gateway validated command/argv and binding fields, including `cwd`, as provided text. Node execution later used runtime `cwd` resolution. A symlinked `cwd` could therefore be retargeted after approval and before spawn. OpenClaw's trust model does not treat one shared gateway as a multi-tenant adversarial boundary, but approval integrity is still a security boundary for operator-reviewed command execution. ### Affected Packages / Versions - Package: `openclaw` (npm) - Affected: `<= 2026.2.24` - Patched: `>= 2026.2.25` ### Fix Commit(s) - `f789f880c934caa8be25b38832f27f90f37903db` ### Remediation The fix adds defense-in-depth hardening for approval-bound node execution: - reject symlink `cwd` paths for approval-bound `system.run` - canonicalize path-like executable argv before spawn - bind CLI approval requests to exact `commandArgv` ### Release Process Note Patched version is pre-set to the release (`2026.2.25`). Advisory published with npm release `2026.2.25`. OpenClaw thanks @tdjackey for reporting.

How to fix CVE-2026-32043

To remediate CVE-2026-32043, upgrade the affected package to a fixed version below.

• —upgrade to 2026.2.25 or later

Is CVE-2026-32043 being exploited?

Low — EPSS is 0.0%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

• from 0, < 2026.2.25

CVSS scores

References (5)

• ADVISORYnvd.nist.gov/vuln/detail/CVE-2026-32043
• PATCHgithub.com/openclaw/openclaw
• WEBgithub.com/openclaw/openclaw/commit/f789f880c934caa8be25b38832f27f90f37903db
• WEBgithub.com/openclaw/openclaw/security/advisories/GHSA-mwcg-wfq3-4gjc