Cyber Resilience

CVE-2026-32003

HighPublic PoCRCE

Published: 19 March 2026

Published
19 March 2026
Modified
23 March 2026
KEV Added
Patch
CVSS Score v4 7.5 CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0007 21.5th percentile
Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-32003 is a high-severity OS Command Injection (CWE-78) vulnerability in Openclaw Openclaw. Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 21.5th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2026-32003 is an environment variable injection vulnerability in OpenClaw versions prior to 2026.2.22. The flaw affects the system.run function, enabling attackers to bypass command allowlist restrictions through manipulation of the SHELLOPTS and PS4 environment variables. By invoking system.run with request-scoped environment variables, attackers can trigger bash xtrace expansion to execute arbitrary shell commands outside the intended allowlisted command body. Published on 2026-03-19, the vulnerability carries a CVSS v3.1 base score of 6.6 (AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H) and maps to CWE-78.

Exploitation targets scenarios where an attacker with high privileges (PR:H) can invoke system.run over the network (AV:N) while supplying custom request-scoped environment variables. The attack requires high complexity (AC:H) due to the need for precise environment manipulation but involves no user interaction (UI:N). Successful exploitation grants high-impact confidentiality, integrity, and availability effects (C:H/I:H/A:H) within the unchanged scope (S:U), allowing arbitrary shell command execution.

Mitigation guidance from advisories emphasizes upgrading to OpenClaw 2026.2.22 or later. A fixing commit is available at https://github.com/openclaw/openclaw/commit/e80c803fa887f9699ad87a9e906ab5c1ff85bd9a. Additional details appear in the GitHub Security Advisory at https://github.com/openclaw/openclaw/security/advisories/GHSA-2fgq-7j6h-9rm4 and the VulnCheck advisory at https://www.vulncheck.com/advisories/openclaw-remote-code-execution-via-shellopts-ps4-environment-injection-in-system-run.

EU & UK References

Vulnerability details

OpenClaw versions prior to 2026.2.22 contain an environment variable injection vulnerability in the system.run function that allows attackers to bypass command allowlist restrictions via SHELLOPTS and PS4 environment variables. An attacker who can invoke system.run with request-scoped environment variables can…

more

execute arbitrary shell commands outside the intended allowlisted command body through bash xtrace expansion.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1059.004 Unix Shell Execution
Adversaries may abuse Unix shell commands and scripts for execution.
Why these techniques?

Direct RCE via environment variable injection into bash (system.run) enables T1190 for remote exploitation of the public-facing app and T1059.004 for arbitrary Unix shell command execution bypassing allowlists.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-28460Same product: Openclaw Openclaw
CVE-2026-22179Same product: Openclaw Openclaw
CVE-2026-32917Same product: Openclaw Openclaw
CVE-2026-28391Same product: Openclaw Openclaw
CVE-2026-32034Same product: Openclaw Openclaw
CVE-2026-32010Same product: Openclaw Openclaw
CVE-2026-27566Same product: Openclaw Openclaw
CVE-2026-31996Same product: Openclaw Openclaw
CVE-2026-28470Same product: Openclaw Openclaw
CVE-2026-29607Same product: Openclaw Openclaw

Affected Assets

openclaw
openclaw
≤ 2026.2.22

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly requires timely remediation of identified flaws like CVE-2026-32003 through software upgrades to OpenClaw 2026.2.22 or later, eliminating the environment variable injection vulnerability.

prevent

Mandates validation of inputs such as request-scoped environment variables supplied to system.run, preventing injection of malicious SHELLOPTS and PS4 values that trigger bash xtrace expansion.

prevent

Enforces least privilege to restrict high-privilege (PR:H) access to invoke the vulnerable system.run function, reducing the attack surface despite network accessibility (AV:N).

References