Security Advisory

CVE-2026-32010

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-03-19 22:06:49

Last updated 2026-03-20 18:22:07

Assigner VulnCheck

State PUBLISHED

Description

OpenClaw versions prior to 2026.2.22 contain an allowlist bypass vulnerability in the safe-bin configuration when sort is manually added to tools.exec.safeBins. Attackers can invoke sort with the --compress-program flag to execute arbitrary external programs without operator approval in allowlist mode with ask=on-miss enabled.

← Browse all CVEs View on cve.org ↗