CVE-2026-32056 in OpenClaw

Summary

by MITRE • 03/21/2026

OpenClaw versions prior to 2026.2.22 fail to sanitize shell startup environment variables HOME and ZDOTDIR in the system.run function, allowing attackers to bypass command allowlist protections. Remote attackers can inject malicious startup files such as .bash_profile or .zshenv to achieve arbitrary code execution before allowlist-evaluated commands are executed.

Analysis

by VulDB Data Team • 03/27/2026

The vulnerability identified as CVE-2026-32056 affects OpenClaw versions prior to 2026.2.22 and represents a critical security flaw in the system.run function implementation. This issue stems from inadequate sanitization of shell startup environment variables, specifically HOME and ZDOTDIR, which are fundamental components of shell initialization processes. The vulnerability creates a pathway for attackers to circumvent command allowlist protections that are typically designed to restrict execution of potentially dangerous commands. The flaw exists because the system.run function does not properly validate or sanitize these environment variables before executing shell commands, allowing malicious actors to manipulate the shell environment through these variables.

The technical implementation of this vulnerability leverages the inherent behavior of Unix-like shells that automatically source configuration files from specific locations defined by environment variables. When HOME and ZDOTDIR environment variables are not sanitized, attackers can manipulate these variables to point to malicious directories containing crafted shell startup files. The system.run function executes commands within a shell context, and during this process, the shell automatically loads initialization files such as .bash_profile, .zshenv, or other shell-specific configuration files from the directories specified by these environment variables. This process occurs before any allowlist validation takes place, creating a window where malicious code can be executed prior to the allowlist evaluation.

The operational impact of this vulnerability is severe and can result in complete system compromise. Attackers can inject malicious shell configuration files that execute arbitrary commands when the shell initializes, effectively bypassing all command allowlist protections. This creates a persistent backdoor that can be leveraged for privilege escalation, data exfiltration, or further exploitation of the system. The vulnerability can be exploited by remote attackers who can manipulate environment variables through various attack vectors, including configuration management interfaces, user input processing, or other injection points within the OpenClaw application. The timing of the code execution makes this particularly dangerous because malicious code runs before any allowlist validation occurs, rendering the protection mechanisms ineffective.

The vulnerability aligns with CWE-78 (Improper Neutralization of Special Elements used in an OS Command) and CWE-22 (Improper Limitation of a Pathname to a Restricted Directory) categories, representing multiple security weaknesses that compound to create a severe exploit scenario. From an ATT&CK framework perspective, this vulnerability maps to T1059.001 (Command and Scripting Interpreter: PowerShell) and T1068 (Local Port Forwarding) through the execution of arbitrary code and potential lateral movement capabilities. The attack chain typically begins with environment variable manipulation followed by the injection of malicious shell configuration files that execute during shell initialization, leading to arbitrary code execution.

Mitigation strategies should focus on implementing proper environment variable sanitization within the system.run function, ensuring that HOME and ZDOTDIR variables are validated and sanitized before shell command execution. The recommended approach includes implementing strict input validation for environment variables, using absolute paths only, and implementing a whitelist approach for directory access. Organizations should also consider implementing additional security controls such as privilege separation, sandboxed execution environments, and monitoring for unauthorized shell configuration file modifications. The most effective long-term solution involves upgrading to OpenClaw version 2026.2.22 or later, which includes proper sanitization of environment variables and addresses the root cause of this vulnerability. Additionally, system administrators should implement comprehensive monitoring for changes to shell configuration files and establish regular security audits to detect potential exploitation attempts.
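A hardened command wrapper of the kind the mitigation describes, written here as an added example (it is not OpenClaw's code and does not reproduce its system.run function). The first-word allowlist rule, the extra ENV/BASH_ENV variables and the per-shell flags are assumptions; only HOME and ZDOTDIR come from the advisory.

```python
import os
import shlex
import subprocess
from typing import Iterable, Mapping

# Environment variables that decide which startup files a shell sources before
# it runs the command passed with -c. HOME and ZDOTDIR are the two the advisory
# names; ENV (POSIX sh/ksh) and BASH_ENV (non-interactive bash) are assumed
# additions a hardened wrapper should control as well.
SHELL_STARTUP_VARS = ("HOME", "ZDOTDIR", "ENV", "BASH_ENV")

# Flags that make the shell skip its rc/profile files regardless of the
# environment (standard options: bash --noprofile/--norc, zsh -f == --no-rcs).
NO_STARTUP_FLAGS = {
    "bash": ["--noprofile", "--norc"],
    "zsh": ["-f"],
    "sh": [],
}

def sanitize_shell_env(env: Mapping[str, str], safe_home: str = "/nonexistent") -> dict:
    """Copy env without any variable that could point the shell at a
    caller-chosen startup directory; HOME is pinned to a value the wrapper
    controls, never one taken from the request."""
    clean = {k: v for k, v in env.items() if k not in SHELL_STARTUP_VARS}
    clean["HOME"] = safe_home
    return clean

def build_shell_argv(shell: str, command: str) -> list:
    """argv for `shell -c command` with startup files disabled."""
    flags = NO_STARTUP_FLAGS.get(os.path.basename(shell))
    if flags is None:
        raise ValueError(f"unsupported shell: {shell}")
    return [shell, *flags, "-c", command]

def is_allowlisted(command: str, allowlist: Iterable[str]) -> bool:
    """Assumed allowlist rule: the command's first word must be listed."""
    words = shlex.split(command)
    return bool(words) and words[0] in set(allowlist)

def run_allowlisted(command, allowlist, shell="/bin/bash", env=None):
    """Reject commands outside the allowlist, then run the rest in a shell
    that cannot source a .bash_profile or .zshenv from a redirected HOME."""
    if not is_allowlisted(command, allowlist):
        raise PermissionError(f"command not allowlisted: {command!r}")
    clean_env = sanitize_shell_env(os.environ if env is None else env)
    return subprocess.run(build_shell_argv(shell, command), env=clean_env,
                          capture_output=True, text=True, check=False)
```

The two controls are deliberately redundant: the environment is scrubbed so HOME/ZDOTDIR cannot be redirected, and the shell is also told to skip startup files, so either one failing still leaves the allowlist in charge of what runs.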

Responsible

VulnCheck

Reservation

03/10/2026

Disclosure

03/21/2026

Moderation

accepted

CPE

ready

EPSS

0.00191

KEV

no

Activities

very low
