CVE-2026-32055
OpenClaw: workspace path guard bypass on non-existent out-of-root symlink leaf
Description
### Summary `openclaw` had a workspace boundary bypass in workspace-only path validation: when an in-workspace symlink pointed outside the workspace to a non-existent leaf, the first write could pass validation and create the file outside the workspace. ### Affected Packages / Versions - Package: `openclaw` (npm) - Vulnerable versions: `<= 2026.2.25` - Patched versions: `>= 2026.2.26` (pre-set for next planned release) - Latest published npm version at update time: `2026.2.25` ### Details The boundary check path resolved aliases in a way that allowed a non-existent out-of-root symlink target to pass the initial validation window. A first write through the guarded workspace path could therefore escape the workspace boundary. The fix hardens canonical boundary resolution so missing-leaf alias paths are evaluated against canonical containment, while preserving valid in-root aliases. This closes the first-write escape condition without regressing valid in-root alias usage. ### Fix Commit(s) - `46eba86b45e9db05b7b792e914c4fe0de1b40a23` - `1aef45bc060b28a0af45a67dc66acd36aef763c9` ### Release Process Note `patched_versions` is pre-set to the planned next release (`2026.2.26`). Once npm release `2026.2.26` is published, this advisory can be published directly. Thanks @tdjackey for reporting.
How to fix CVE-2026-32055
To remediate CVE-2026-32055, upgrade the affected package to a fixed version below.
- —upgrade to 2026.2.26 or later
Is CVE-2026-32055 being exploited?
Low — EPSS is 0.1%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 2026.2.26