CVE-2026-32971
Approval-Integrity Vulnerability in OpenClaw node-host Allows Code Execution
Publication date: 2026-03-31
Last updated on: 2026-04-02
Assigner: VulnCheck
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| openclaw | openclaw | up to 2026.3.11 (exclusive) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-451 | The user interface (UI) does not properly represent critical information to the user, allowing the information - or its source - to be obscured or spoofed. This is often a component in phishing attacks. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-32971 is an approval-integrity vulnerability in OpenClaw versions before 2026.3.11, affecting the node-host system.run approval process.
The issue arises because the approval user interface displays an extracted shell payload rather than the actual command arguments (argv) that will be executed. What the operator sees and what actually runs can therefore differ.
An attacker who can place a wrapper binary and cause a command to be run through it can make the approval prompt show misleading command text. Once an operator approves that text, the attacker obtains arbitrary local code execution.
How can this vulnerability impact me?
This vulnerability can lead to unauthorized local code execution on systems running vulnerable versions of OpenClaw.
Because the approval interface shows misleading command text, operators may unknowingly approve harmful commands, allowing attackers to bypass intended approval controls.
The impact includes potential compromise of confidentiality, integrity, and availability of the affected system.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detecting this vulnerability means determining whether the OpenClaw node-host system.run approval process shows misleading command text, that is, whether the UI presents an extracted shell payload instead of the argv that is actually executed.
Specifically, check whether wrapper binaries are present on the system and whether, for commands approved by operators, the displayed payload differs from the command line that actually ran.
Because the flaw is a mismatch between the approved command text and the executed command, auditing logs or command-approval records for such discrepancies is the practical detection approach.
However, no explicit detection commands or scripts are provided in the available resources.
What immediate steps should I take to mitigate this vulnerability?
The primary mitigation step is to upgrade OpenClaw to version 2026.3.11 or later, where the vulnerability has been fixed by binding approvals to the exact executed argv command.
Until the upgrade is applied, operators should be made aware of the potential for misleading command text in the approval UI and exercise caution when approving commands that may involve wrapper binaries.
Additionally, reviewing and restricting the placement or use of local wrapper binaries can reduce the risk of exploitation.
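The detection and mitigation answers above describe the same underlying control from two sides: an approval should be bound to the exact argv that will run, and an audit should flag records whose displayed text is not derived from that argv. The following is an added illustration of both ideas and is not OpenClaw's code or schema; the record field names (`argv`, `display`, `argv_sha256`, `tag`), the approver key and the sample records are constructed assumptions for the example.

```python
import hashlib
import hmac
import json
import shlex

# Constructed key for the illustration only; a real approver would hold its own secret.
APPROVER_KEY = b"constructed-demo-key-not-for-production"


def argv_digest(argv):
    """Digest of the exact argv list, canonically encoded.

    Hashing the list rather than a joined string means ["a b"] and ["a", "b"]
    produce different digests, so a wrapper that receives a whole command
    string as one argument cannot collide with the plain command split into
    separate arguments.
    """
    canonical = json.dumps(list(argv), separators=(",", ":"), ensure_ascii=False)
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()


def render_for_operator(argv):
    """Text shown to the operator: the shell-quoted form of the exact argv."""
    return shlex.join(argv)


def issue_approval(argv, key=APPROVER_KEY):
    """Approval record whose authenticator is bound to the argv digest, not to display text."""
    digest = argv_digest(argv)
    tag = hmac.new(key, digest.encode("ascii"), hashlib.sha256).hexdigest()
    return {
        "argv": list(argv),
        "display": render_for_operator(argv),
        "argv_sha256": digest,
        "tag": tag,
    }


def verify_before_exec(approval, argv_to_execute, key=APPROVER_KEY):
    """Gate execution on the argv that will actually run; any difference is rejected."""
    digest = argv_digest(argv_to_execute)
    if approval.get("argv_sha256") != digest:
        return False
    expected = hmac.new(key, digest.encode("ascii"), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, approval.get("tag", ""))


def audit_display_mismatches(records):
    """Return ids of records whose displayed text is not the quoted form of the executed argv."""
    return [r["id"] for r in records if r["display"] != render_for_operator(r["argv"])]


# Constructed approval records (assumed field names, not OpenClaw's schema).
SAMPLE_RECORDS = [
    {"id": "apr-1", "argv": ["ls", "-l", "/srv/data"], "display": "ls -l /srv/data"},
    # Displayed text is an extracted inner payload while the argv runs a wrapper binary.
    {"id": "apr-2", "argv": ["/opt/tools/wrap", "-c", "ls -l /srv/data"], "display": "ls -l /srv/data"},
]


if __name__ == "__main__":
    argv = ["ls", "-l", "/srv/data"]
    approval = issue_approval(argv)
    print("same argv accepted:", verify_before_exec(approval, argv))
    print("wrapper argv rejected:",
          verify_before_exec(approval, ["/opt/tools/wrap", "-c", "ls -l /srv/data"]))
    print("records with display/argv mismatch:", audit_display_mismatches(SAMPLE_RECORDS))
```

The audit function is the part an operator can apply to existing approval records: any record whose displayed text cannot be reproduced from its argv is exactly the discrepancy the detection answer describes. The verify step is the shape of the upstream fix, in that approval is checked against the argv at execution time rather than against whatever text was rendered.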
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
CVE-2026-32971 allows attackers to execute arbitrary local code after operators approve misleading command text due to an approval-integrity flaw. This can lead to unauthorized access, modification, or disruption of sensitive data and system operations.
Such unauthorized actions and potential data breaches can negatively impact compliance with common standards and regulations like GDPR and HIPAA, which require strict controls over data integrity, confidentiality, and authorized access.
Organizations using vulnerable versions of OpenClaw may face increased risk of non-compliance due to the possibility of attackers bypassing approval controls and executing harmful commands.
Mitigation by upgrading to OpenClaw version 2026.3.11 or later is advised to restore proper approval integrity and reduce compliance risks.