CVE-2026-32065 in OpenClawالمعلومات

الملخص

بحسب MITRE • 21/03/2026

OpenClaw versions prior to 2026.2.25 contain an approval-integrity bypass vulnerability in system.run where rendered command text is used as approval identity while trimming argv token whitespace, but runtime execution uses raw argv. An attacker can craft a trailing-space executable token to execute a different binary than what the approver displayed, allowing unexpected command execution under the OpenClaw runtime user when they can influence command argv and reuse an approval context.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

مسؤول

VulnCheck

حجز

10/03/2026

إفشاء

21/03/2026

الاعتدال

تمت الموافقة

إدخال

VDB-352171

CPE

جاهز

CWE

CWE-436 (مؤكد)

CVSS

6.5 (NVD)

EPSS

0.00049

KEV

لا

النشاطات

منخفض جدًا

القطاع

Transportation, Hospital, ...

المصادر

MITRE	https://www.cve.org/CVERecord?id=CVE-2026-32065
NVD	https://nvd.nist.gov/vuln/detail/CVE-2026-32065
CVE Details	https://www.cvedetails.com/cve/CVE-2026-32065/

التالي ▸نظرة عامة ◂ السابق

Do you need the next level of professionalism?

Upgrade your account now!