Cyber Posture

CVE-2026-32052

Medium · Public PoC

Published: 21 March 2026

Modified: 23 March 2026
KEV Added
Patch
CVSS Score: 6.4 (CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:H)
EPSS Score: 0.0011 (29.6th percentile)
Risk Priority: 13 (60% EPSS · 20% KEV · 20% CVSS)

Description

OpenClaw versions prior to 2026.2.24 contain a command injection vulnerability in the system.run shell-wrapper that allows attackers to execute hidden commands by injecting positional argv carriers after inline shell payloads. Attackers can craft misleading approval text while executing arbitrary commands through trailing positional arguments that bypass display context validation.

Mitigating Controls (NIST 800-53 r5) · AI

prevent

Directly prevents command injection by validating inputs to the system.run shell-wrapper, blocking malicious positional argv carriers and inline shell payloads.

prevent

Ensures timely remediation of the specific command injection flaw through patching to OpenClaw 2026.2.24 or later.

prevent

Limits damage from exploited command injection by enforcing least privilege on low-privilege accounts (PR:L), restricting arbitrary command impact.

Security Summary · AI

CVE-2026-32052 is a command injection vulnerability affecting OpenClaw versions prior to 2026.2.24, specifically in the system.run shell-wrapper component. The flaw allows attackers to execute hidden commands by injecting positional argv carriers after inline shell payloads, enabling them to craft misleading approval text while bypassing display context validation. It is rated with a CVSS v3.1 base score of 6.4 (AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:H) and is associated with CWE-436 (Interpretation Conflict) and CWE-77 (Command Injection).

Attackers with low privileges can exploit this vulnerability over the network, though it requires high attack complexity and user interaction. Successful exploitation allows arbitrary command execution, resulting in high integrity and availability impacts but no confidentiality impact.

Mitigation is addressed in OpenClaw GitHub commits 0f0a680d3df81739ea5088a2f88e65f938b7936b and 55cf92578d266987e390c4bf688196af98eac748, along with the GHSA-6rcp-vxwf-3mfp security advisory and a detailed analysis from VulnCheck at https://www.vulncheck.com/advisories/openclaw-hidden-command-execution-via-shell-wrapper-positional-argv-carriers. Users should upgrade to OpenClaw 2026.2.24 or later to patch the issue.
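
The Description and Security Summary above describe approval text that diverges from what the shell-wrapper actually runs when positional argv follows an inline payload. The check below is an added example, not OpenClaw's code or its patch: a hypothetical `reviewApproval` compares the displayed approval text with the full argv and reports the trailing arguments that a POSIX `sh -c` invocation binds to `$0`, `$1`, and so on. All function names and the sample argv are constructed for illustration.

```javascript
// Added example, not OpenClaw code. All names here are hypothetical.
const SHELLS = new Set(["sh", "bash", "dash", "zsh", "ksh"]);
// Matches references to positional parameters: $0, $1, $@, $*, $#, ${1}, ...
const POSITIONAL_REF = /\$(?:[0-9@*#]|\{[0-9@*#])/;

// Quote one argv element so the rendered text is unambiguous to a reviewer.
function quote(arg) {
  if (/^[A-Za-z0-9_\/.:=-]+$/.test(arg)) return arg;
  return "'" + arg.replace(/'/g, "'\\''") + "'";
}

// Split `<shell> [opts] -c <script> [$0 [$1 ...]]` into its parts.
// Returns null when argv is not an inline-payload shell invocation.
function parseShellWrapper(argv) {
  const base = (argv[0] || "").split("/").pop();
  if (!SHELLS.has(base)) return null;
  for (let i = 1; i < argv.length; i++) {
    const a = argv[i];
    if (!a.startsWith("-")) return null;          // script file, no inline payload
    if (!a.startsWith("--") && a.includes("c")) { // -c, -ec, -lc ...
      if (i + 1 >= argv.length) return null;
      return { script: argv[i + 1], carriers: argv.slice(i + 2) };
    }
  }
  return null;
}

// The approval is acceptable only if the text shown to the user is the
// complete argv, including anything after the inline payload.
function reviewApproval(argv, displayedText) {
  const fullText = argv.map(quote).join(" ");
  const w = parseShellWrapper(argv);
  return {
    ok: displayedText === fullText,
    carriers: w ? w.carriers : [],                // bound to $0, $1, ... by the shell
    usesPositional: w ? POSITIONAL_REF.test(w.script) : false,
    fullText,
  };
}

// Constructed sample: the display omits the two trailing arguments.
const sampleArgv = ["/bin/sh", "-c", 'echo "$1"', "label", "constructed value"];
const sampleShown = "/bin/sh -c 'echo \"$1\"'";
const sampleResult = reviewApproval(sampleArgv, sampleShown);
console.log(sampleResult.ok ? "display matches argv" : "display omits argv", sampleResult.carriers);
```
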

Details

CWE(s)

Affected Products

openclaw
openclaw
≤ 2026.2.24

MITRE ATT&CK Enterprise Techniques · AI

T1210 Exploitation of Remote Services (Lateral Movement)
Adversaries may exploit remote services to gain unauthorized access to internal systems once inside of a network.
T1059.004 Unix Shell (Execution)
Adversaries may abuse Unix shell commands and scripts for execution.
Why these techniques?

Command injection vulnerability in shell-wrapper enables remote exploitation for arbitrary Unix shell command execution.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0
