CVE-2026-32056 in OpenClaw정보

요약

\~에 의해 MITRE • 2026. 03. 21.

OpenClaw versions prior to 2026.2.22 fail to sanitize shell startup environment variables HOME and ZDOTDIR in the system.run function, allowing attackers to bypass command allowlist protections. Remote attackers can inject malicious startup files such as .bash_profile or .zshenv to achieve arbitrary code execution before allowlist-evaluated commands are executed.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

책임이 있는

VulnCheck

예약하다

2026. 03. 10.

공개

2026. 03. 21.

모더레이션

수락

항목

VDB-352161

CPE

준비됨

CWE

CWE-78 (확인됨)

CVSS

9.8 (NVD)

EPSS

0.00191

KEV

아니요

활동

매우 낮음

부문

Finance, Homeoffice, ...

출처

MITRE	https://www.cve.org/CVERecord?id=CVE-2026-32056
NVD	https://nvd.nist.gov/vuln/detail/CVE-2026-32056
CVE Details	https://www.cvedetails.com/cve/CVE-2026-32056/

◂ 이전 개요 다음 ▸

Interested in the pricing of exploits?

See the underground prices here!