CVE-2026-32052 · CRITICAL 9.8 · EPSS percentile 55.3%


Description

OpenClaw versions prior to 2026.2.24 contain a command injection vulnerability in the system.run shell-wrapper that allows attackers to execute hidden commands by injecting positional argv carriers after inline shell payloads. Attackers can craft misleading approval text while executing arbitrary commands through trailing positional arguments that bypass display context validation.

Scoring

CVSS 3.1: 9.8 (CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.91% probability of exploitation · percentile 55.3% · 2026-06-19T12:03:05Z
Published: 2026-03-21
Last modified: 2026-03-23

Underlying weaknesses (2)

CWE-436, CWE-77

References

  1. https://github.com/openclaw/openclaw/commit/0f0a680d3df81739ea5088a2f88e65f938b7936b
  2. https://github.com/openclaw/openclaw/commit/55cf92578d266987e390c4bf688196af98eac748
  3. https://github.com/openclaw/openclaw/security/advisories/GHSA-6rcp-vxwf-3mfp
  4. https://www.vulncheck.com/advisories/openclaw-hidden-command-execution-via-shell-wrapper-positional-argv-carriers


Type     | Target                                                                                     | Confidence | Tier
Weakness | Interpretation Conflict (CWE-436)                                                          | 0%         | live
Weakness | Improper Neutralization of Special Elements used in a Command ('Command Injection') (CWE-77) | 0%         | live

Related by meaning (6)

Nearest entities by semantic similarity across the cs-graph corpus:

  1. CVE-2026-32971
  2. CVE-2026-22168
  3. CVE-2026-27566
  4. CVE-2026-32056
  5. CVE-2026-42435
  6. CVE-2026-35650
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.