CVE-2026-32052 in OpenClawinformation

Résumé

par MITRE • 21/03/2026

OpenClaw versions prior to 2026.2.24 contain a command injection vulnerability in the system.run shell-wrapper that allows attackers to execute hidden commands by injecting positional argv carriers after inline shell payloads. Attackers can craft misleading approval text while executing arbitrary commands through trailing positional arguments that bypass display context validation.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Responsable

VulnCheck

Réserver

10/03/2026

Divulgation

21/03/2026

Modérer

accepté

Entrée

VDB-352177

CPE

prêt

CWE

CWE-436 (confirmé)

CVSS

9.8 (NVD)

EPSS

0.00099

KEV

non

Activités

très faible

Secteur

Transportation, Energy, ...

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2026-32052
NVD	https://nvd.nist.gov/vuln/detail/CVE-2026-32052
CVE Details	https://www.cvedetails.com/cve/CVE-2026-32052/

◂ Précédent Aperçu Suivant ▸

Do you need the next level of professionalism?

Upgrade your account now!