Cyber Posture

CVE-2026-32056

High · Public PoC

Published: 21 March 2026
Modified: 23 March 2026
KEV Added:
Patch:
CVSS Score: 7.5 (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0016 (37.1 percentile)
Risk Priority: 15 (weighted 60% EPSS · 20% KEV · 20% CVSS)

Description

OpenClaw versions prior to 2026.2.22 fail to sanitize the shell startup environment variables HOME and ZDOTDIR in the system.run function, allowing attackers to bypass command allowlist protections. Remote attackers can inject malicious startup files such as .bash_profile or .zshenv to achieve arbitrary code execution before allowlist-evaluated commands are executed.

Mitigating Controls (NIST 800-53 r5) [AI-generated]

- prevent: Directly requires sanitization and validation of environment variables such as HOME and ZDOTDIR at input points to system.run, preventing injection of malicious shell startup files.
- prevent: Mandates timely remediation of the specific flaw through patching to OpenClaw 2026.2.22 or later, where environment variable sanitization is implemented.
- prevent: Restricts the application to least functionality by prohibiting unnecessary shell environment processing or startup file execution, mitigating allowlist bypass risks.

Security Summary [AI-generated]

CVE-2026-32056 is an OS command injection vulnerability (CWE-78) in OpenClaw versions prior to 2026.2.22. The issue resides in the system.run function, which fails to sanitize shell startup environment variables HOME and ZDOTDIR. This flaw enables attackers to bypass the application's command allowlist protections by manipulating these variables.

The vulnerability has a CVSS v3.1 base score of 7.5 (AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H): network-reachable, high attack complexity, low privileges required, no user interaction. A remote attacker with low privileges who can influence the HOME or ZDOTDIR values seen by system.run can point the shell at a directory holding startup files they control, such as .bash_profile or .zshenv. The shell sources those files before any allowlist-evaluated command runs, so the allowlist check is bypassed and the attacker's code executes first.

Mitigation is addressed in OpenClaw version 2026.2.22 and later. The GitHub commit c2c7114ed39a547ab6276e1e933029b9530ee906 implements the fix by properly sanitizing the relevant environment variables. Additional details are available in the GitHub security advisory GHSA-xgf2-vxv2-rrmg and the VulnCheck advisory on remote code execution via shell startup environment variable injection.
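A defensive sketch of the fix class the advisory describes (drop or pin the startup-file variables before handing a command to the shell, and additionally tell the shell not to read rc files), written here as an added Python example that is not OpenClaw's code. The function names, the toy first-word allowlist, and the inclusion of ENV and BASH_ENV alongside the HOME and ZDOTDIR the page names are assumptions for illustration:

```python
# Added example for CVE-2026-32056; not OpenClaw's code. The names below
# (STARTUP_FILE_VARS, sanitize_startup_env, shell_argv_no_startup_files,
# run_allowlisted) and the toy allowlist are assumptions for illustration.
import os
import shlex
import shutil
import subprocess
from typing import Iterable, Mapping

# Variables that decide which startup files a shell sources before it runs the
# command it was handed. HOME and ZDOTDIR are the two the advisory names; ENV and
# BASH_ENV are added here as an assumption beyond the page, since POSIX sh/ksh
# and non-interactive bash read the file they point to in the same way.
STARTUP_FILE_VARS = ("HOME", "ZDOTDIR", "ENV", "BASH_ENV")


def sanitize_startup_env(env: Mapping[str, str], safe_home: str) -> dict:
    """Return a copy of env in which no startup-file location is caller-controlled.

    ZDOTDIR/ENV/BASH_ENV are dropped and HOME is pinned to a directory the
    service owns, so ~/.bash_profile, $ZDOTDIR/.zshenv and friends resolve
    somewhere the caller cannot write. The input mapping is left untouched.
    """
    clean = {k: v for k, v in env.items() if k not in STARTUP_FILE_VARS}
    clean["HOME"] = safe_home
    return clean


def shell_argv_no_startup_files(shell: str, command: str) -> list:
    """Build argv that additionally tells the shell to skip rc/profile files.

    Defence in depth on top of sanitize_startup_env: if a variable ever slips
    through, the shell is still instructed not to read startup files.
    """
    name = os.path.basename(shell)
    if name == "bash":
        return [shell, "--noprofile", "--norc", "-c", command]
    if name == "zsh":
        return [shell, "-f", "-c", command]  # -f is --no-rcs: skips $ZDOTDIR/.zshenv etc.
    return [shell, "-c", command]  # POSIX sh only consults $ENV, already dropped above


def run_allowlisted(command: str, allowlist: Iterable[str], env: Mapping[str, str],
                    safe_home: str, shell: str = "/bin/sh") -> subprocess.CompletedProcess:
    """Allowlist check, then execute with a sanitized environment.

    The allowlist here is a toy (first word of the command) standing in for the
    real one. The point is the order of operations: an allowlist check is
    worthless if the shell sources caller-controlled files before running
    `command`, so the environment is cleaned and rc files are disabled first.
    """
    words = shlex.split(command)
    if not words or words[0] not in set(allowlist):
        raise PermissionError(f"command not in allowlist: {command!r}")
    return subprocess.run(
        shell_argv_no_startup_files(shell, command),
        env=sanitize_startup_env(env, safe_home),
        capture_output=True,
        text=True,
        check=False,
    )


if __name__ == "__main__":
    # Constructed caller environment: HOME and ZDOTDIR point at a directory the
    # caller controls, the situation the advisory describes.
    caller_env = {"PATH": os.environ.get("PATH", "/usr/bin:/bin"),
                  "HOME": "/tmp/caller-controlled",
                  "ZDOTDIR": "/tmp/caller-controlled"}
    print(sanitize_startup_env(caller_env, safe_home="/var/lib/service-home"))
    print(shell_argv_no_startup_files("/bin/zsh", "echo hello"))
    sh = shutil.which("sh")
    if sh:
        result = run_allowlisted("echo hello", ["echo"], caller_env,
                                 "/var/lib/service-home", shell=sh)
        print(result.stdout.strip())
```

The two mechanisms are deliberately independent: pinning HOME and dropping ZDOTDIR removes the attacker's control over where startup files are looked up, while `--noprofile --norc` (bash) and `-f` (zsh) stop the shell from reading them at all. Either alone closes the path the advisory describes; together they survive a future variable being forgotten in the drop list.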

Details

CWE(s)

CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Affected Products

openclaw / openclaw: ≤ 2026.2.22 (as listed; the description and summary state that 2026.2.22 contains the fix, so the affected range is versions prior to 2026.2.22)

MITRE ATT&CK Enterprise Techniques [AI-generated]

- T1059.004 Unix Shell (Execution): Adversaries may abuse Unix shell commands and scripts for execution.
- T1211 Exploitation for Stealth (Stealth): Adversaries may exploit vulnerabilities to evade detection by hiding activity, suppressing logging, or operating within trusted or unmonitored components.
Why these techniques?

The vulnerability enables OS command injection via unsanitized Unix shell environment variables (HOME, ZDOTDIR), allowing arbitrary Unix shell command execution (T1059.004) and bypass of command allowlist defenses (T1211).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

References