CVE-2026-32061

4.4 MEDIUM

📋 TL;DR

OpenClaw versions before 2026.2.17 contain a path traversal vulnerability in the $include directive: an attacker who can modify the configuration can point an include at a path outside the config directory and have OpenClaw read arbitrary local files. Anything readable by the OpenClaw process user is exposed, including API keys and credentials stored on the host. Anyone running a version before 2026.2.17 is affected.

💻 Affected Systems

Products:
  • OpenClaw
Versions: All versions prior to 2026.2.17
Operating Systems: All operating systems running OpenClaw
Default Config Vulnerable: ⚠️ Yes
Notes: Requires attacker to have config modification capabilities (e.g., through another vulnerability or misconfiguration).

⚠️ Manual Verification Required

The structured NVD record for this CVE does not carry version ranges, so scanners that key on NVD CPE data cannot determine from it whether your system is affected.

Why? The affected range shown on this page (all versions before 2026.2.17) comes from the vendor advisory, not from NVD version data, so confirm it against your installed version manually.

Recommended Actions:
  1. Review the CVE details at NVD
  2. Check vendor security advisories for your specific version
  3. Test if the vulnerability is exploitable in your environment
  4. Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers gain access to sensitive credentials, API keys, or configuration files, leading to full system compromise or lateral movement within the environment.

🟠 Likely Case

Unauthorized reading of configuration files, credentials, or other sensitive data stored on the local filesystem accessible to the OpenClaw process.

🟢 If Mitigated

Limited impact due to proper access controls, file permissions, and network segmentation preventing exposure of critical files.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires ability to modify OpenClaw configuration files, which may be achieved through other vulnerabilities or misconfigurations.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2026.2.17

Vendor Advisory: https://github.com/openclaw/openclaw/security/advisories/GHSA-56pc-6hvp-4gv4

Restart Required: Yes

Instructions:

1. Download OpenClaw version 2026.2.17 or later from the official repository.
2. Replace the existing OpenClaw installation with the patched version.
3. Restart the OpenClaw service or process.

🔧 Temporary Workarounds

Restrict Config Modification Permissions

linux

Limit write access to OpenClaw configuration files, and to the directory that holds them, to trusted users only. Files get mode 640 and directories 750; a bare `chmod 640 *` would strip the execute bit from subdirectories (making them unreadable) and would skip dotfiles. The group must contain the account OpenClaw runs as, and nothing else, so the process can still read its config but cannot rewrite it, and a directory that the service account can write to still lets it create new config files:

chown -R root:trustedgroup /path/to/openclaw/config
find /path/to/openclaw/config -type d -exec chmod 750 {} +
find /path/to/openclaw/config -type f -exec chmod 640 {} +

Implement File Access Controls

all

Run OpenClaw as a dedicated unprivileged account and use OS-level file permissions to limit what that account can read. The traversal only returns files the OpenClaw process user can open, so keep other services' credentials and keys owned by other users with mode 600 (or 640 with a group the OpenClaw account is not in); this bounds the worst case to material the OpenClaw account needs anyway.

🧯 If You Can't Patch

  • Implement strict access controls on OpenClaw configuration files and their directory to prevent unauthorized modifications, since the traversal is only reachable through a modified config.
  • Audit existing configuration files for $include directives whose target resolves outside the config directory (via `..` segments, absolute paths, or symlinks).
  • Run OpenClaw under a dedicated account and keep credentials it does not need out of that account's reach.
  • Monitor and audit file access by the OpenClaw process user for reads outside its config and data directories.
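The following script is an added example, not OpenClaw project code, covering the access-control and include-audit points above. It assumes (label these as assumptions, and check them against the project's loader) that config files are JSON/JSON5-style text in which an include appears as `"$include": "<path>"`, that relative targets resolve against the including file's directory, and that the config root is the directory you pass in. The sample tree it builds is constructed for the demo.

```python
"""Audit an OpenClaw-style config tree for $include targets that escape the
config root, and for config files that non-owners could modify.

Added example, not OpenClaw project code. Assumptions: config files are
JSON/JSON5-like text in which an include appears as "$include": "<path>",
and relative targets resolve against the including file's directory.
"""
import os
import re
import stat
import tempfile

# "$include": "<path>"; optional quotes around the key tolerate JSON5-style files.
INCLUDE_RE = re.compile(r"""["']?\$include["']?\s*:\s*["']([^"']+)["']""")


def resolve_include(including_file, target):
    """Resolve a target the way a loader would: relative to the including
    file, with '..' and symlinks collapsed."""
    base = os.path.dirname(os.path.abspath(including_file))
    return os.path.realpath(os.path.join(base, target))


def is_within(path, root):
    """Containment check a fixed loader must perform before opening a
    target: the resolved path must be root itself or lie below it."""
    root = os.path.realpath(root)
    return os.path.commonpath([path, root]) == root


def find_escaping_includes(config_root):
    """(including_file, raw_target, resolved_path) for every $include whose
    resolved target is outside config_root."""
    findings = []
    for dirpath, _, filenames in os.walk(config_root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                with open(path, encoding="utf-8", errors="replace") as fh:
                    text = fh.read()
            except OSError:
                continue
            for match in INCLUDE_RE.finditer(text):
                resolved = resolve_include(path, match.group(1))
                if not is_within(resolved, config_root):
                    findings.append((path, match.group(1), resolved))
    return findings


def find_group_or_world_writable(config_root):
    """(path, mode) for files or directories that users other than the owner
    can modify; a writable directory lets an attacker create new config files."""
    findings = []
    for dirpath, _, filenames in os.walk(config_root):
        for path in [dirpath] + [os.path.join(dirpath, n) for n in filenames]:
            mode = os.lstat(path).st_mode
            if mode & (stat.S_IWGRP | stat.S_IWOTH):
                findings.append((path, oct(stat.S_IMODE(mode))))
    return findings


def build_demo_tree():
    """Constructed sample tree (not real OpenClaw data): one benign include,
    one '..' traversal, one absolute-path include, one world-writable file."""
    root = tempfile.mkdtemp(prefix="openclaw-audit-")
    os.mkdir(os.path.join(root, "agents"))
    with open(os.path.join(root, "openclaw.json"), "w") as fh:
        fh.write('{ "agents": { "$include": "./agents/main.json" } }\n')
    with open(os.path.join(root, "agents", "main.json"), "w") as fh:
        fh.write('{ "secrets": { "$include": "../../../../etc/passwd" },\n'
                 '  "ssh": { "$include": "/root/.ssh/id_ed25519" } }\n')
    os.chmod(os.path.join(root, "agents", "main.json"), 0o666)
    return root


if __name__ == "__main__":
    demo = build_demo_tree()
    for src, raw, resolved in find_escaping_includes(demo):
        print(f"ESCAPING INCLUDE {src}: {raw!r} -> {resolved}")
    for path, mode in find_group_or_world_writable(demo):
        print(f"WRITABLE BY NON-OWNER {path} ({mode})")
```

Run it against your real config directory instead of the demo tree; `is_within` uses `os.path.realpath` on both sides so that symlinks planted inside the config directory are judged by where they point, not where they sit.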

🔍 How to Verify

Check if Vulnerable:

Check the OpenClaw version; if it is earlier than 2026.2.17, it is vulnerable.

Check Version:

openclaw --version

Verify Fix Applied:

Confirm the OpenClaw version is 2026.2.17 or later after applying the patch.

📡 Detection & Monitoring

Log Indicators:

  • Reads by the OpenClaw process user outside its config and data directories, in particular of credential files (SSH keys, cloud credentials, .env files).
  • Permission-denied errors on such reads, in the OpenClaw process's own logs or in host-level file auditing: the traversal only returns what the process user may read, so a denied open is still evidence that a traversing $include was loaded.
  • Configuration files whose $include targets resolve outside the config directory, or whose modification time changed without a corresponding deployment.

Network Indicators:

  • Unusual outbound connections from the OpenClaw host following config changes, which may indicate exfiltration of the files read.

SIEM Query (illustrative pseudo-syntax; this page does not document OpenClaw's log fields, so map `event` and `path` onto whatever your pipeline actually records, and normalize `..` segments before the prefix test, otherwise `/etc/openclaw/../../etc/shadow` passes it):

source="openclaw.log" AND (event="file_access" AND path NOT STARTS WITH "/etc/openclaw/")
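Because an application log only records what the loader chooses to emit, the dependable source for "what did the OpenClaw user open" is kernel-level auditing. The detector below is an added example, not OpenClaw project code. It assumes Linux auditd with a rule such as `auditctl -a always,exit -F arch=b64 -S openat -F uid=1001 -k openclaw_read`, where uid 1001 is an assumed dedicated OpenClaw service account, plus an allow-list of directories that is itself an assumption to adapt per deployment. The audit records it parses are constructed for the demo, not captured from a real host.

```python
"""Flag reads by the OpenClaw service account that fall outside the paths it
legitimately needs, from Linux auditd records.

Added example, not OpenClaw project code. Assumes an auditd rule like
  auditctl -a always,exit -F arch=b64 -S openat -F uid=1001 -k openclaw_read
where uid 1001 (assumption) is the dedicated account OpenClaw runs as.
"""
import posixpath
import re
from collections import defaultdict

OPENCLAW_UID = "1001"                       # assumption: OpenClaw service uid
ALLOWED_PREFIXES = (                        # assumption: adapt to your install
    "/etc/openclaw", "/var/lib/openclaw", "/usr/local/bin/openclaw",
    "/usr/lib", "/lib", "/proc/self",
)

# Constructed sample records (not from a real host). Records of one event share
# the audit(<timestamp>:<serial>) id. Event 2004 is a root read of /etc/shadow
# caught by a different rule and must not be attributed to OpenClaw.
AUDIT_SAMPLE = """\
type=SYSCALL msg=audit(1718000000.101:2001): arch=c000003e syscall=257 success=yes exit=4 items=1 ppid=1 pid=4242 auid=4294967295 uid=1001 gid=1001 euid=1001 comm="openclaw" exe="/usr/local/bin/openclaw" key="openclaw_read"
type=CWD msg=audit(1718000000.101:2001): cwd="/var/lib/openclaw"
type=PATH msg=audit(1718000000.101:2001): item=0 name="/etc/openclaw/openclaw.json" inode=1234 mode=0100640 ouid=0 ogid=1001 nametype=NORMAL
type=SYSCALL msg=audit(1718000000.102:2002): arch=c000003e syscall=257 success=yes exit=5 items=1 ppid=1 pid=4242 auid=4294967295 uid=1001 gid=1001 euid=1001 comm="openclaw" exe="/usr/local/bin/openclaw" key="openclaw_read"
type=CWD msg=audit(1718000000.102:2002): cwd="/var/lib/openclaw"
type=PATH msg=audit(1718000000.102:2002): item=0 name="/etc/openclaw/../../home/deploy/.aws/credentials" inode=5678 mode=0100600 ouid=1000 ogid=1000 nametype=NORMAL
type=SYSCALL msg=audit(1718000000.103:2003): arch=c000003e syscall=257 success=no exit=-13 items=1 ppid=1 pid=4242 auid=4294967295 uid=1001 gid=1001 euid=1001 comm="openclaw" exe="/usr/local/bin/openclaw" key="openclaw_read"
type=CWD msg=audit(1718000000.103:2003): cwd="/var/lib/openclaw"
type=PATH msg=audit(1718000000.103:2003): item=0 name="../../../etc/shadow" inode=91 mode=0100640 ouid=0 ogid=42 nametype=NORMAL
type=SYSCALL msg=audit(1718000000.104:2004): arch=c000003e syscall=257 success=yes exit=3 items=1 ppid=900 pid=4300 auid=1000 uid=0 gid=0 euid=0 comm="cat" exe="/usr/bin/cat" key="sensitive_files"
type=CWD msg=audit(1718000000.104:2004): cwd="/root"
type=PATH msg=audit(1718000000.104:2004): item=0 name="/etc/shadow" inode=91 mode=0100640 ouid=0 ogid=42 nametype=NORMAL
"""

KV_RE = re.compile(r'(\w+)=("([^"]*)"|\S+)')
ID_RE = re.compile(r"msg=audit\((\d+\.\d+):(\d+)\)")


def parse_audit(text):
    """Group records by event serial into {serial: {syscall, cwd, paths}}."""
    events = defaultdict(lambda: {"syscall": None, "cwd": None, "paths": []})
    for line in text.splitlines():
        ident = ID_RE.search(line)
        if not ident:
            continue
        serial = int(ident.group(2))
        fields = {k: (q if v.startswith('"') else v) for k, v, q in KV_RE.findall(line)}
        rtype = fields.get("type")
        if rtype == "SYSCALL":
            events[serial]["syscall"] = fields
        elif rtype == "CWD":
            events[serial]["cwd"] = fields.get("cwd")
        elif rtype == "PATH":
            events[serial]["paths"].append(fields.get("name", ""))
    return events


def normalize(name, cwd):
    """Absolute, '..'-free form of a PATH name; relative names are resolved
    against the event's CWD record. Normalizing first is what stops
    '/etc/openclaw/../../etc/shadow' slipping past a prefix check."""
    if not name.startswith("/"):
        name = posixpath.join(cwd or "/", name)
    return posixpath.normpath(name)


def outside_allowed(path):
    """True if a normalized path is not under any allow-listed prefix."""
    return not any(path == p or path.startswith(p + "/") for p in ALLOWED_PREFIXES)


def detect(text, uid=OPENCLAW_UID):
    """Alerts for every path the OpenClaw uid touched outside the allow-list.
    Denied opens (success=no) are kept: they show probing even when the
    filesystem permissions held."""
    alerts = []
    for serial, ev in sorted(parse_audit(text).items()):
        sc = ev["syscall"]
        if sc is None or sc.get("uid") != uid:
            continue
        for raw in ev["paths"]:
            path = normalize(raw, ev["cwd"])
            if outside_allowed(path):
                alerts.append({"serial": serial, "comm": sc.get("comm"), "raw": raw,
                               "path": path, "success": sc.get("success") == "yes"})
    return alerts


if __name__ == "__main__":
    for a in detect(AUDIT_SAMPLE):
        state = "READ" if a["success"] else "DENIED"
        print(f"{a['serial']} {state} {a['comm']} -> {a['path']} (raw {a['raw']!r})")
```

Feed it `ausearch -k openclaw_read --raw` output (or the raw audit.log) in place of the sample. The uid filter matters: the same sensitive files are legitimately read by root and by backup jobs, and attributing those to OpenClaw produces noise that gets the rule switched off.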
