CVE-2026-32003
Published: 19 March 2026
Summary
CVE-2026-32003 is a medium-severity OS Command Injection (CWE-78) vulnerability in Openclaw Openclaw. Its CVSS base score is 6.6 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 20.5th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly requires timely remediation of identified flaws like CVE-2026-32003 through software upgrades to OpenClaw 2026.2.22 or later, eliminating the environment variable injection vulnerability.
Mandates validation of inputs such as request-scoped environment variables supplied to system.run, preventing injection of malicious SHELLOPTS and PS4 values that trigger bash xtrace expansion.
Enforces least privilege to restrict high-privilege (PR:H) access to invoke the vulnerable system.run function, reducing the attack surface despite network accessibility (AV:N).
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Direct RCE via environment variable injection into bash (system.run) enables T1190 for remote exploitation of the public-facing app and T1059.004 for arbitrary Unix shell command execution bypassing allowlists.
NVD Description
OpenClaw versions prior to 2026.2.22 contain an environment variable injection vulnerability in the system.run function that allows attackers to bypass command allowlist restrictions via SHELLOPTS and PS4 environment variables. An attacker who can invoke system.run with request-scoped environment variables can…
more
execute arbitrary shell commands outside the intended allowlisted command body through bash xtrace expansion.
Deeper analysisAI
CVE-2026-32003 is an environment variable injection vulnerability in OpenClaw versions prior to 2026.2.22. The flaw affects the system.run function, enabling attackers to bypass command allowlist restrictions through manipulation of the SHELLOPTS and PS4 environment variables. By invoking system.run with request-scoped environment variables, attackers can trigger bash xtrace expansion to execute arbitrary shell commands outside the intended allowlisted command body. Published on 2026-03-19, the vulnerability carries a CVSS v3.1 base score of 6.6 (AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H) and maps to CWE-78.
Exploitation targets scenarios where an attacker with high privileges (PR:H) can invoke system.run over the network (AV:N) while supplying custom request-scoped environment variables. The attack requires high complexity (AC:H) due to the need for precise environment manipulation but involves no user interaction (UI:N). Successful exploitation grants high-impact confidentiality, integrity, and availability effects (C:H/I:H/A:H) within the unchanged scope (S:U), allowing arbitrary shell command execution.
Mitigation guidance from advisories emphasizes upgrading to OpenClaw 2026.2.22 or later. A fixing commit is available at https://github.com/openclaw/openclaw/commit/e80c803fa887f9699ad87a9e906ab5c1ff85bd9a. Additional details appear in the GitHub Security Advisory at https://github.com/openclaw/openclaw/security/advisories/GHSA-2fgq-7j6h-9rm4 and the VulnCheck advisory at https://www.vulncheck.com/advisories/openclaw-remote-code-execution-via-shellopts-ps4-environment-injection-in-system-run.
Details
- CWE(s)