CVE-2026-32917 in OpenClawinfo

Zusammenfassung (Englisch)

OpenClaw before 2026.3.13 contains a remote command injection vulnerability in the iMessage attachment staging flow that allows attackers to execute arbitrary commands on configured remote hosts. The vulnerability exists because unsanitized remote attachment paths containing shell metacharacters are passed directly to the SCP remote operand without validation, enabling command execution when remote attachment staging is enabled.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

Zuständig

VulnCheck

Reservieren

16.03.2026

Veröffentlichung

31.03.2026

Status

Bestätigt

Einträge

VulDB provides additional information and datapoints for this CVE:

ID	Schwachstelle	CWE	Aus	Mas	CVE
354360	OpenClaw Attachments erweiterte Rechte	78	Nicht definiert	Offizieller Fix	CVE-2026-32917

Beschreibung

CPE

CWE

CVSS

Exploits

History

Diff

Verknüpfen

Threat Intelligence

API JSON

API XML

API CSV

Quellen

◂ ZurückÜbersichtWeiter ▸

Might our Artificial Intelligence support you?

Check our Alexa App!