Detection Guidance

Detection of CVE-2026-32058 involves identifying usage of the OpenClaw package versions prior to 2026.2.26 that use system.run with host=node and approval-enabled workflows.

Specifically, you should check if your system is running OpenClaw versions ≤ 2026.2.25 and if the system.run approval mechanism is used with exec approvals enabled.

Since the vulnerability involves reuse of approval IDs with modified environment variables, monitoring for unusual reuse of approval IDs or changes in environment variables in approval requests could indicate exploitation attempts.

No explicit detection commands are provided in the available resources.

Useful 0 Not Useful 0

Executive Summary

CVE-2026-32058 is a vulnerability in OpenClaw versions prior to 2026.2.26 that involves an approval context-binding weakness in the system.run execution flow when using host=node.

This weakness allows attackers who have access to an approval ID to reuse previously approved requests but with modified environment variables. Because the approval mechanism did not strictly bind approvals to specific execution contexts, attackers can bypass execution-integrity controls in workflows that require approval.

The core issue was that the approval matching lacked a strict, versioned binding to command arguments, working directory, session context, and environment hash, allowing reuse of approvals with altered environment inputs.

The vulnerability is configuration-dependent and affects the integrity of execution approvals in node-host workflows.

Useful 0 Not Useful 0

Mitigation Strategies

The primary mitigation step is to upgrade OpenClaw to version 2026.2.26 or later, where the vulnerability has been fixed by enforcing strict, versioned approval bindings for system.run executions with host=node.

The fix includes requiring versioned binding called systemRunBindingV1 that binds approvals to command arguments, current working directory, session context, and environment hash, preventing reuse of approvals with modified environment variables.

Additionally, ensure that exec approvals are properly configured and that legacy non-versioned fallback matching is disabled or removed.

Blocking or monitoring environment variables such as GIT_EXTERNAL_DIFF, which is explicitly blocked in the patched version, can also help reduce risk.

Review and harden sandbox and filesystem boundary policies as per the updated security policy in the patched version.

Useful 0 Not Useful 0

Impact Analysis

This vulnerability can allow an attacker with low privileges and user interaction to bypass execution-integrity controls by reusing approved requests with modified environment variables.

As a result, unauthorized or unexpected command executions may occur within approval-enabled workflows, potentially impacting the integrity of the system.

The impact on confidentiality, integrity, and availability is low but still significant in contexts relying on strict execution approvals.

Exploitation complexity is low but requires access to an approval ID and user interaction.

Useful 0 Not Useful 0

Compliance Impact

I don't know

Useful 0 Not Useful 0