CVE-2026-32003 in OpenClawИнформация

Сводка

по MITRE • 20.03.2026

OpenClaw versions prior to 2026.2.22 contain an environment variable injection vulnerability in the system.run function that allows attackers to bypass command allowlist restrictions via SHELLOPTS and PS4 environment variables. An attacker who can invoke system.run with request-scoped environment variables can execute arbitrary shell commands outside the intended allowlisted command body through bash xtrace expansion.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Ответственный

VulnCheck

Резервировать

10.03.2026

Раскрытие

20.03.2026

Модерация

принято

Вход

VDB-351866

CPE

готов

CWE

CWE-78 (Подтверждённый)

CVSS

7.2 (NVD)

EPSS

0.00070

KEV

Нет

Деятельности

Очень низкий

Сектор

Police, Lawfirm, ...

Источники

MITRE	https://www.cve.org/CVERecord?id=CVE-2026-32003
NVD	https://nvd.nist.gov/vuln/detail/CVE-2026-32003
CVE Details	https://www.cvedetails.com/cve/CVE-2026-32003/

◂ Предыдущий Обзор Далее ▸

Do you need the next level of professionalism?

Upgrade your account now!