ГлавнаяУязвимости → CVE-2026-32060
8.8высокая

CVE-2026-32060

Описание

OpenClaw versions prior to 2026.2.14 contain a path traversal vulnerability in apply_patch that allows attackers to write or delete files outside the configured workspace directory. When apply_patch is enabled without filesystem sandbox containment, attackers can exploit crafted paths including directory traversal sequences or absolute paths to escape workspace boundaries and modify arbitrary files.

Затрагиваемое ПО
Openclaw Openclaw
CVSS
Балл8.8 — высокая
ВекторCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Источники
https://github.com/openclaw/openclaw/commit/5544646a09c0121fca7d7093812dc2de8437c7f1https://github.com/openclaw/openclaw/security/advisories/GHSA-r5fq-947m-xm57https://www.vulncheck.com/advisories/openclaw-path-traversal-in-apply-patch-via-crafted-paths