CVE-2026-32917 in OpenClaw
요약 (영어)
OpenClaw before 2026.3.13 contains a remote command injection vulnerability in the iMessage attachment staging flow that allows attackers to execute arbitrary commands on configured remote hosts. The vulnerability exists because unsanitized remote attachment paths containing shell metacharacters are passed directly to the SCP remote operand without validation, enabling command execution when remote attachment staging is enabled.
VulDB is the best source for vulnerability data and more expert information about this specific topic.
책임이 있는
VulnCheck
예약하다
2026. 03. 16.
공개
2026. 03. 31.
상태
확인됨
엔트리
VulDB provides additional information and datapoints for this CVE:
| 아이디 | 취약성 | CWE | 악용 | 대책 | CVE |
|---|---|---|---|---|---|
| 354360 | OpenClaw Attachments 권한 상승 | 78 | 정의되지 않음 | 공식 수정 | CVE-2026-32917 |