CVE-2026-32036
EUVD-2026-1332019.03.2026, 22:16
OpenClaw gateway plugin versions prior to 2026.2.26 contain a path traversal vulnerability that allows remote attackers to bypass route authentication checks by manipulating /api/channels paths with encoded dot-segment traversal sequences. Attackers can craft alternate paths using encoded traversal patterns to access protected plugin channel routes when handlers normalize the incoming path, circumventing security controls.
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| openclaw | openclaw | 𝑥 < 2026.2.6 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-289 - Authentication Bypass by Alternate NameThe software performs authentication based on the name of a resource being accessed, or the name of the actor performing the access, but it does not properly check all possible names for that resource or actor.
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')The software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.