PatchSiren cyber security CVE debrief
CVE-2026-32846 OpenClaw CVE debrief
CVE-2026-32846 is a high-severity path traversal issue in OpenClaw’s media parsing flow. As published by NVD on 2026-03-26 and last modified on 2026-05-20, the flaw can let attackers bypass path validation and read arbitrary files outside the intended sandbox, including sensitive local files.
- Vendor: OpenClaw
- Product: Unknown
- CVSS: HIGH 8.7
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-03-26
- Original CVE updated: 2026-05-20
- Advisory published: 2026-03-26
- Advisory updated: 2026-05-20
Who should care
Operators of OpenClaw deployments, especially systems that parse user-supplied media or accept file/path input; security teams responsible for application hardening and secrets exposure prevention.
Technical summary
The supplied description attributes the flaw to incomplete validation in isLikelyLocalPath() and isValidMedia(), combined with an allowBareFilename bypass, which together allow paths that resolve outside the application sandbox. NVD’s CPE criteria mark openclaw:openclaw versions through 2026.3.23 as vulnerable, and the description indicates the issue is fixed before 2026.3.28. The impact is disclosure of arbitrary files rather than code execution.
Defensive priority
High — arbitrary file read in a parser exposed to untrusted input warrants prompt patching and review for sensitive-data exposure.
Recommended defensive actions
- Upgrade OpenClaw to 2026.3.28 or later, or to the vendor-fixed release referenced by the patch commit.
- Restrict or disable any media parsing paths that accept user-controlled filenames or paths until patched.
- Review application and host logs for suspicious reads of system files, environment files, SSH keys, or other secrets.
- Confirm sandboxing and allowlist checks cannot be bypassed by bare filenames or path normalization edge cases.
- Rotate exposed secrets if there is any chance local files were readable through the affected path.
Evidence notes
The evidence set includes the NVD modified record, a patch commit, a pull request used for issue tracking/vendor advisory context, a third-party advisory, and a referenced GitHub advisory link. NVD lists the vulnerable CPE range as openclaw:openclaw up to and including 2026.3.23. The corpus also marks the GitHub advisory URL as broken, so the patch commit and NVD record are the most reliable references here.
Official resources
- CVE-2026-32846 CVE record: CVE.org
- CVE-2026-32846 NVD detail: NVD
- Source item URL: nvd_modified
- Mitigation or vendor reference: [email protected] - Patch
- Mitigation or vendor reference: [email protected] - Exploit, Issue Tracking, Vendor Advisory
- Source reference: [email protected] - Broken Link
- Mitigation or vendor reference: [email protected] - Third Party Advisory
Publicly disclosed in NVD on 2026-03-26 and modified on 2026-05-20; no CISA KEV entry is present in the supplied enrichment.