Executive Summary

CVE-2026-32917 is a critical remote command injection vulnerability in OpenClaw versions before 2026.3.13. It occurs in the iMessage attachment staging process where unsanitized remote attachment paths containing shell metacharacters are passed directly to the SCP command without validation. This allows attackers to execute arbitrary commands on configured remote hosts remotely when remote attachment staging is enabled.

The root cause is that the remote attachment path is not properly sanitized before being used in an OS command, enabling command injection via shell metacharacters embedded in the attachment filename.

The vulnerability requires no privileges or user interaction and can lead to arbitrary command execution on remote hosts.

Useful 0 Not Useful 0

Impact Analysis

This vulnerability can have severe impacts including unauthorized remote command execution on configured hosts, which compromises confidentiality, integrity, and availability of systems.

• Attackers can execute arbitrary commands remotely without any privileges or user interaction.
• It can lead to full system compromise on the affected remote hosts.
• The flaw can disrupt normal operations by allowing malicious commands to run, potentially causing data loss or service outages.

Useful 0 Not Useful 0

Detection Guidance

This vulnerability involves unsanitized remote attachment paths containing shell metacharacters being passed to SCP commands during iMessage attachment staging. Detection can focus on monitoring SCP command invocations with suspicious or unusual remote paths that contain shell metacharacters.

You can check for SCP commands running with suspicious arguments by using commands such as:

• On Linux or Unix systems, use: ps aux | grep scp
• Monitor SCP command arguments in real-time with: sudo auditctl -w /usr/bin/scp -p x -k scp_monitor
• Search system logs for SCP usage with suspicious characters: grep -E '\$|;|`|\|' /var/log/syslog

Additionally, review iMessage attachment filenames or paths for shell metacharacters such as $, ;, `, |, &, <, >, and quotes, which are indicators of attempted exploitation.

Useful 0 Not Useful 0

Mitigation Strategies

The primary mitigation is to upgrade OpenClaw to version 2026.3.13 or later, where the vulnerability is fixed by strict validation and sanitization of SCP remote paths to reject any containing shell metacharacters.

If upgrading immediately is not possible, consider disabling the remote attachment staging feature in OpenClaw to prevent the vulnerable SCP command execution.

Additionally, monitor and restrict SCP command usage and audit logs for suspicious activity involving shell metacharacters in remote paths.

Implement network-level controls to limit access to configured remote hosts used by OpenClaw to reduce exposure.

Useful 0 Not Useful 0

Compliance Impact

The vulnerability allows remote attackers to execute arbitrary commands on configured remote hosts, which can lead to a high impact on confidentiality, integrity, and availability of data.

Such a compromise could potentially result in unauthorized access to sensitive information, data breaches, or disruption of services, which may affect compliance with standards and regulations like GDPR and HIPAA that require protection of personal and sensitive data.

However, the provided information does not explicitly mention or analyze the direct impact of this vulnerability on compliance with specific regulations.

Useful 0 Not Useful 0