CVE-2026-32010
Published: 19 March 2026
Summary
CVE-2026-32010 is a medium-severity OS Command Injection (CWE-78) vulnerability in Openclaw Openclaw. Its CVSS base score is 6.3 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Indirect Command Execution (T1202); ranked at the 12.7th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 CM-10 (Software Usage Restrictions) and CM-7 (Least Functionality).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly requires timely remediation of the OpenClaw allowlist bypass flaw via patching to version 2026.2.22 or later.
Mandates authorization and enforcement of only approved software executables, aligning with and strengthening OpenClaw's safeBins allowlist mechanism.
Minimizes system functionality by excluding unnecessary tools like 'sort' from safeBins, eliminating the specific bypass vector exploited in this CVE.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Vulnerability is an allowlist bypass (CWE-78) enabling arbitrary program execution via sort --compress-program flag, directly facilitating indirect command execution (T1202) and Unix shell abuse (T1059.004) to evade execution controls.
NVD Description
OpenClaw versions prior to 2026.2.22 contain an allowlist bypass vulnerability in the safe-bin configuration when sort is manually added to tools.exec.safeBins. Attackers can invoke sort with the --compress-program flag to execute arbitrary external programs without operator approval in allowlist mode…
more
with ask=on-miss enabled.
Deeper analysisAI
CVE-2026-32010, published on 2026-03-19, is an allowlist bypass vulnerability (CWE-78) in OpenClaw versions prior to 2026.2.22. The flaw exists in the safe-bin configuration when the 'sort' utility is manually added to tools.exec.safeBins. It enables attackers to invoke 'sort' using the --compress-program flag, allowing execution of arbitrary external programs without operator approval in allowlist mode with ask=on-miss enabled. The vulnerability carries a CVSS v3.1 base score of 6.3 (AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H).
A local attacker with low privileges can exploit this issue by supplying a specially crafted 'sort' command incorporating the --compress-program flag. This bypasses the intended allowlist protections, permitting execution of unauthorized external programs. Exploitation leads to high integrity and availability impacts, with no confidentiality loss, in environments relying on OpenClaw's execution controls.
Mitigation is provided in OpenClaw version 2026.2.22 and later, via a fix documented in the commit at https://github.com/openclaw/openclaw/commit/57fbbaebca4d34d17549accf6092ae26eb7b605c. Further details on the vulnerability and remediation appear in the GitHub security advisory at https://github.com/openclaw/openclaw/security/advisories/GHSA-4gc7-qcvf-38wg and the VulnCheck advisory at https://www.vulncheck.com/advisories/openclaw-allowlist-bypass-via-sort-compress-program-parameter. Practitioners should update to the patched release and audit safeBins configurations to exclude unnecessary tools like 'sort'.
Details
- CWE(s)