Vulnerability Description
OpenClaw versions prior to 2026.3.2 contain an archive extraction vulnerability in the tar.bz2 installer path that bypasses safety checks enforced on other archive formats. Attackers can craft malicious tar.bz2 skill archives to bypass special-entry blocking and extracted-size guardrails, causing local denial of service during skill installation.
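The defect described above is a per-format gap: the guardrails (blocking of special entries such as symlinks, and a cap on total extracted size) were applied on some installer paths but not on the tar.bz2 one. The following is an added example, not OpenClaw's code, of how a skill installer can run one set of checks regardless of which tar compression the archive uses. The policy limits, the helper names (`check_tar_members`, `safe_extract`, `scan`, `build_archive`) and the sample archives built in-memory are all assumptions constructed for this illustration.

```python
import io
import tarfile

# Policy limits are assumed values for this example, not OpenClaw's own.
MAX_TOTAL_BYTES = 50 * 1024 * 1024
MAX_ENTRIES = 10_000


class UnsafeArchive(Exception):
    """Raised when an archive violates the extraction policy."""


def _unsafe_path(name: str) -> bool:
    # Absolute paths, drive letters and '..' components can escape the destination.
    parts = name.replace("\\", "/").split("/")
    return name.startswith(("/", "\\")) or ":" in parts[0] or ".." in parts


def check_tar_members(tf, max_total_bytes=MAX_TOTAL_BYTES, max_entries=MAX_ENTRIES):
    """Validate every member before anything is written to disk.

    Rejects special entries (symlinks, hardlinks, devices, FIFOs), unsafe
    paths, excessive entry counts, and a total header-declared size above
    the budget. Tar headers carry the *extracted* size, so the budget holds
    no matter how well bz2/gz/xz compressed the payload. Returns accepted members.
    """
    accepted, total = [], 0
    for member in tf:
        if len(accepted) >= max_entries:
            raise UnsafeArchive("entry count exceeds %d" % max_entries)
        if _unsafe_path(member.name):
            raise UnsafeArchive("unsafe path: %r" % member.name)
        if not (member.isfile() or member.isdir()):
            raise UnsafeArchive("special entry blocked: %r" % member.name)
        total += member.size
        if total > max_total_bytes:
            raise UnsafeArchive("extracted size budget exceeded at %r" % member.name)
        accepted.append(member)
    return accepted


def safe_extract(archive_bytes: bytes, dest: str, **limits):
    """Open with 'r:*' so .tar, .tar.gz, .tar.bz2 and .tar.xz all pass through
    the same checks; the container format never selects a weaker code path."""
    with tarfile.open(fileobj=io.BytesIO(archive_bytes), mode="r:*") as tf:
        members = check_tar_members(tf, **limits)
        # Python 3.12+ (and security backports) add the 'data' filter as a second line of defence.
        kwargs = {"filter": "data"} if hasattr(tarfile, "data_filter") else {}
        tf.extractall(dest, members=members, **kwargs)


def scan(archive_bytes: bytes, **limits) -> str:
    """Classify an archive without extracting; returns 'ok' or the rejection reason."""
    try:
        with tarfile.open(fileobj=io.BytesIO(archive_bytes), mode="r:*") as tf:
            check_tar_members(tf, **limits)
        return "ok"
    except UnsafeArchive as exc:
        return str(exc)


def build_archive(entries, compression="bz2") -> bytes:
    """Construct a sample tar in memory for testing (constructed data, not a real skill).
    entries: (name, kind, payload) with kind 'file' (payload=bytes) or 'symlink' (payload=target)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:" + compression) as tf:
        for name, kind, payload in entries:
            ti = tarfile.TarInfo(name)
            if kind == "file":
                ti.size = len(payload)
                tf.addfile(ti, io.BytesIO(payload))
            else:
                ti.type = tarfile.SYMTYPE
                ti.linkname = payload
                tf.addfile(ti)
    return buf.getvalue()


if __name__ == "__main__":
    good = build_archive([("skill/SKILL.md", "file", b"# demo\n")])
    link = build_archive([("skill/etc", "symlink", "/etc")])
    big = build_archive([("skill/a.bin", "file", b"\0" * 3000),
                         ("skill/b.bin", "file", b"\0" * 3000)])
    print(scan(good))                          # ok
    print(scan(link))                          # special entry blocked
    print(scan(big, max_total_bytes=4096))     # extracted size budget exceeded
```

The size budget is computed from the tar headers rather than from bytes actually written, so it fails closed before extraction starts and is independent of the compression ratio, which is the property a bz2 "bomb" relies on defeating. Special-entry blocking is done by whitelisting regular files and directories rather than by blacklisting link types, so an entry type the installer did not anticipate is rejected rather than silently extracted.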
CVSS Score
5.5 (MEDIUM)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Openclaw | Openclaw | < 2026.3.2 |
Related Weaknesses (CWE)
References
- https://github.com/openclaw/openclaw/commit/0dbb92dd2bcf9a32379d11c0f11ed016669d (Patch)
- https://github.com/openclaw/openclaw/security/advisories/GHSA-77hf-7fqf-f227 (Vendor Advisory)
- https://www.vulncheck.com/advisories/openclaw-tar-archive-safety-bypass-in-skill (Third Party Advisory)
FAQ
What is CVE-2026-32044?
CVE-2026-32044 is a vulnerability with a CVSS score of 5.5 (MEDIUM). OpenClaw versions prior to 2026.3.2 contain an archive extraction vulnerability in the tar.bz2 installer path that bypasses safety checks enforced on other archive formats. Attackers can craft malicio...
How severe is CVE-2026-32044?
CVE-2026-32044 has been rated MEDIUM with a CVSS base score of 5.5/10. See the CVSS Score section above for the severity rating.
Is there a patch for CVE-2026-32044?
Check the References section above for the vendor advisory and patch commit; the fix is in OpenClaw 2026.3.2. Affected products include: Openclaw Openclaw (versions before 2026.3.2).