Cyber Posture

CVE-2026-32917

CriticalPublic PoC

Published: 31 March 2026

Published
31 March 2026
Modified
02 April 2026
KEV Added
Patch
CVSS Score 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0058 69.0th percentile
Risk Priority 20 60% EPSS · 20% KEV · 20% CVSS

Description

OpenClaw before 2026.3.13 contains a remote command injection vulnerability in the iMessage attachment staging flow that allows attackers to execute arbitrary commands on configured remote hosts. The vulnerability exists because unsanitized remote attachment paths containing shell metacharacters are passed directly…

more

to the SCP remote operand without validation, enabling command execution when remote attachment staging is enabled.

Mitigating Controls (NIST 800-53 r5)AI

SI-2 Flaw Remediation good match
prevent

Directly mandates identification, reporting, and correction of flaws like the command injection in OpenClaw's iMessage attachment staging via timely patching to version 2026.3.13.

SI-10 Information Input Validation good match
prevent

Requires validation of information inputs such as unsanitized iMessage attachment paths to block shell metacharacters before passing to the SCP command.

CM-7 Least Functionality partial match
prevent

Restricts systems to least functionality by disabling non-essential remote attachment staging, eliminating the vulnerable SCP operand exposure.

Security SummaryAI

CVE-2026-32917 is a remote command injection vulnerability (CWE-78) in OpenClaw versions before 2026.3.13. The flaw exists in the iMessage attachment staging flow, where unsanitized remote attachment paths containing shell metacharacters are passed directly to the SCP remote operand without validation. This allows attackers to execute arbitrary commands on configured remote hosts when remote attachment staging is enabled. Published on 2026-03-31, the vulnerability carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), marking it as critical.

The vulnerability can be exploited remotely by unauthenticated attackers (PR:N) over the network (AV:N) with low attack complexity (AC:L) and no user interaction (UI:N). By sending iMessage attachments with specially crafted paths embedding shell metacharacters, attackers can inject commands that execute on the targeted remote hosts during the SCP-based staging process, potentially achieving high confidentiality, integrity, and availability impacts (C:H/I:H/A:H).

Advisories recommend updating to OpenClaw 2026.3.13 or later to mitigate the issue, as detailed in the project's GitHub commit a54bf71b4c0cbe554a84340b773df37ee8e959de, the GitHub Security Advisory GHSA-g2f6-pwvx-r275, and the VulnCheck advisory on the remote command injection via unsanitized iMessage attachment paths in SCP.

Details

CWE(s)
CWE-78

Affected Products

openclaw
openclaw
≤ 2026.3.13

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
attack.mitre.org →
T1059.004 Unix Shell Execution
Adversaries may abuse Unix shell commands and scripts for execution.
attack.mitre.org →
Why these techniques?

CVE enables unauthenticated remote exploitation of a public-facing application (T1190) via command injection using shell metacharacters in SCP operand, facilitating arbitrary Unix shell command execution (T1059.004).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

References