CVE-2026-32056 in OpenClawinformação

Sumário

de MITRE • 21/03/2026

OpenClaw versions prior to 2026.2.22 fail to sanitize shell startup environment variables HOME and ZDOTDIR in the system.run function, allowing attackers to bypass command allowlist protections. Remote attackers can inject malicious startup files such as .bash_profile or .zshenv to achieve arbitrary code execution before allowlist-evaluated commands are executed.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Responsável

VulnCheck

Reservar

10/03/2026

Divulgação

21/03/2026

Moderação

aceite

Entrada

VDB-352161

CPE

pronto

CWE

CWE-78 (confirmado)

CVSS

9.8 (NVD)

EPSS

0.00191

KEV

não

Atividades

muito baixo

Sector

Transportation, Lawfirm, ...

Fontes

MITRE	https://www.cve.org/CVERecord?id=CVE-2026-32056
NVD	https://nvd.nist.gov/vuln/detail/CVE-2026-32056
CVE Details	https://www.cvedetails.com/cve/CVE-2026-32056/

◂ Voltar Visão Geral Próximo ▸

Interested in the pricing of exploits?

See the underground prices here!