CVE-2026-32052
Command Injection in OpenClaw system.run Allows Arbitrary Execution
Publication date: 2026-03-21
Last updated on: 2026-03-23
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| openclaw | openclaw | to 2026.2.24 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-77 | The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component. |
| CWE-436 | Product A handles inputs or steps differently than Product B, which causes A to perform incorrect actions based on its perception of B's state. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-32052 is a command injection vulnerability in OpenClaw versions prior to 2026.2.24 affecting the system.run shell-wrapper feature.
Attackers can inject hidden commands by adding positional argv carriers after inline shell payloads. This means that while the displayed approval text shows only the inline shell command, the actual executed command includes additional trailing arguments that are not visible to the user.
This discrepancy allows attackers to execute arbitrary commands under misleading or incomplete approval text, bypassing display context validation and authorization checks.
How can this vulnerability impact me? :
This vulnerability can lead to unauthorized execution of arbitrary commands on systems running vulnerable versions of OpenClaw.
Because the approval or display text does not accurately reflect the full command being executed, users or operators may unknowingly approve malicious commands.
The impact includes potential compromise of system integrity and availability, as attackers can run hidden commands that may alter system behavior, disrupt services, or escalate privileges.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability involves command injection via the system.run shell-wrapper in OpenClaw versions prior to 2026.2.24, where attackers inject positional argv carriers after inline shell payloads to execute hidden commands. Detection involves monitoring for suspicious or unexpected command executions that include trailing positional arguments after inline shell commands.
Since the vulnerability exploits discrepancies between displayed approval text and actual executed commands, detection can focus on identifying commands where the approval or display text does not match the full argv vector used at runtime.
Specific detection commands are not provided in the available resources. However, system administrators should audit logs for commands executed via shell wrappers (e.g., /bin/sh -c, /usr/bin/env bash -lc) that include unexpected trailing positional arguments or suspicious inline payloads.
What immediate steps should I take to mitigate this vulnerability?
The primary mitigation step is to upgrade OpenClaw to version 2026.2.24 or later, where this vulnerability has been fixed.
The fix ensures that the approval and display text for system.run commands accurately reflect the full command line including positional argv arguments, preventing hidden or misleading command execution.
- Upgrade OpenClaw to version 2026.2.24 or newer.
- Apply patches that enforce validation of system.run commands to bind approval text to the full argv vector.
- Reject or audit commands where rawCommand strings do not match the positional argv form in shell-wrapper invocations.
- Limit trusted directories for safe binaries to immutable system paths such as /bin and /usr/bin.
- Monitor runtime warnings and audit findings related to trusted directory configurations and sandbox mount restrictions.