CVE-2026-31997 in OpenClaw

Summary

by MITRE • 19.03.2026

OpenClaw versions prior to 2026.3.1 fail to pin executable identity for non-path-like argv[0] tokens in system.run approvals, allowing post-approval executable rebind attacks. Attackers can modify PATH resolution after approval to execute a different binary than the operator approved, enabling arbitrary command execution.

Responsible

VulnCheck

Reserved

10.03.2026

Disclosure

19.03.2026

Moderation

accepted

Entry

VDB-351651

EPSS

0.00009

KEV

No

Activities

Very low

Sources
