CVE-2026-32052
Received Received - Intake
Command Injection in OpenClaw system.run Allows Arbitrary Execution

Publication date: 2026-03-21

Last updated on: 2026-03-23

Assigner: VulnCheck

Description
OpenClaw versions prior to 2026.2.24 contain a command injection vulnerability in the system.run shell-wrapper that allows attackers to execute hidden commands by injecting positional argv carriers after inline shell payloads. Attackers can craft misleading approval text while executing arbitrary commands through trailing positional arguments that bypass display context validation.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-21
Last Modified
2026-03-23
Generated
2026-06-16
AI Q&A
2026-03-21
EPSS Evaluated
2026-06-14
NVD
CVE-2026-32052
EUVD
EUVD-2026-13951
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
openclaw openclaw to 2026.2.24 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-77 The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.
CWE-436 Product A handles inputs or steps differently than Product B, which causes A to perform incorrect actions based on its perception of B's state.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-32052 is a command injection vulnerability in OpenClaw versions prior to 2026.2.24 affecting the system.run shell-wrapper feature.

Attackers can inject hidden commands by adding positional argv carriers after inline shell payloads. This means that while the displayed approval text shows only the inline shell command, the actual executed command includes additional trailing arguments that are not visible to the user.

This discrepancy allows attackers to execute arbitrary commands under misleading or incomplete approval text, bypassing display context validation and authorization checks.

Impact Analysis

This vulnerability can lead to unauthorized execution of arbitrary commands on systems running vulnerable versions of OpenClaw.

Because the approval or display text does not accurately reflect the full command being executed, users or operators may unknowingly approve malicious commands.

The impact includes potential compromise of system integrity and availability, as attackers can run hidden commands that may alter system behavior, disrupt services, or escalate privileges.

Compliance Impact

I don't know

Detection Guidance

This vulnerability involves command injection via the system.run shell-wrapper in OpenClaw versions prior to 2026.2.24, where attackers inject positional argv carriers after inline shell payloads to execute hidden commands. Detection involves monitoring for suspicious or unexpected command executions that include trailing positional arguments after inline shell commands.

Since the vulnerability exploits discrepancies between displayed approval text and actual executed commands, detection can focus on identifying commands where the approval or display text does not match the full argv vector used at runtime.

Specific detection commands are not provided in the available resources. However, system administrators should audit logs for commands executed via shell wrappers (e.g., /bin/sh -c, /usr/bin/env bash -lc) that include unexpected trailing positional arguments or suspicious inline payloads.

Mitigation Strategies

The primary mitigation step is to upgrade OpenClaw to version 2026.2.24 or later, where this vulnerability has been fixed.

The fix ensures that the approval and display text for system.run commands accurately reflect the full command line including positional argv arguments, preventing hidden or misleading command execution.

  • Upgrade OpenClaw to version 2026.2.24 or newer.
  • Apply patches that enforce validation of system.run commands to bind approval text to the full argv vector.
  • Reject or audit commands where rawCommand strings do not match the positional argv form in shell-wrapper invocations.
  • Limit trusted directories for safe binaries to immutable system paths such as /bin and /usr/bin.
  • Monitor runtime warnings and audit findings related to trusted directory configurations and sandbox mount restrictions.
Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-32052. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart