Cyber Resilience

CVE-2026-32010

Severity: Medium · Public PoC

Published: 19 March 2026
Modified: 23 March 2026
KEV Added: not listed
CVSS Score (v4): 5.8 · CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score: 0.0029 (20.1th percentile)
Risk Priority: 35 (floored blend · peak EPSS)

Summary

CVE-2026-32010 is a medium-severity OS Command Injection (CWE-78) vulnerability in OpenClaw (vendor Openclaw). Its CVSS base score is 5.8 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Indirect Command Execution (T1202). The CVE ranks at the 20.1th percentile by exploit likelihood (below the median), it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 CM-10 (Software Usage Restrictions) and CM-7 (Least Functionality).

Deeper analysis

CVE-2026-32010, published on 2026-03-19, is an allowlist bypass vulnerability (CWE-78) in OpenClaw versions prior to 2026.2.22. The flaw lies in the safe-bin configuration: when the 'sort' utility is manually added to tools.exec.safeBins, an attacker can invoke 'sort' with the --compress-program flag and thereby run an arbitrary external program without operator approval, even in allowlist mode with ask=on-miss enabled. The vulnerability carries a CVSS v3.1 base score of 6.3 (AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H).

A local attacker with low privileges can exploit this issue by supplying a specially crafted 'sort' command incorporating the --compress-program flag. This bypasses the intended allowlist protections, permitting execution of unauthorized external programs. Exploitation leads to high integrity and availability impacts, with no confidentiality loss, in environments relying on OpenClaw's execution controls.

Mitigation is provided in OpenClaw version 2026.2.22 and later, via a fix documented in the commit at https://github.com/openclaw/openclaw/commit/57fbbaebca4d34d17549accf6092ae26eb7b605c. Further details on the vulnerability and remediation appear in the GitHub security advisory at https://github.com/openclaw/openclaw/security/advisories/GHSA-4gc7-qcvf-38wg and the VulnCheck advisory at https://www.vulncheck.com/advisories/openclaw-allowlist-bypass-via-sort-compress-program-parameter. Practitioners should update to the patched release and audit safeBins configurations to exclude unnecessary tools like 'sort'.
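A defender-side illustration of the safeBins audit recommended above, added here and not taken from OpenClaw's own code: it flags 'sort' in an allowlist and shows a hardened allowlist decision that routes a program-delegating flag back to operator approval, also catching abbreviated long options (which GNU getopt_long accepts). The sample allowlist, the decide() policy and the helper names are assumptions, not the project's API.

```python
import shlex

# Constructed sample of a tools.exec.safeBins allowlist in which an operator has
# manually added "sort", the precondition for this CVE. Assumption: the real
# OpenClaw config schema and matching logic are not reproduced here.
SAMPLE_SAFE_BINS = ["cat", "grep", "sort", "wc"]

# Allowlisted utilities whose options delegate execution to another program.
# Only the flag named in the advisory is listed; extend from your own review.
DELEGATING_FLAGS = {"sort": ["--compress-program"]}


def audit_safe_bins(safe_bins):
    """Names in the allowlist that carry a known program-delegating option."""
    return sorted(b for b in safe_bins if b in DELEGATING_FLAGS)


def delegating_option(argv):
    """Return the argv token that hands execution to another program, or None.

    GNU getopt_long accepts any unambiguous abbreviation of a long option, so a
    token counts as a hit when it is a prefix of the flag at least "--co" long,
    with or without an "=value" suffix. Scanning stops at the "--" terminator.
    """
    if not argv:
        return None
    prog = argv[0].rsplit("/", 1)[-1]
    for tok in argv[1:]:
        if tok == "--":
            break
        name = tok.split("=", 1)[0]
        for flag in DELEGATING_FLAGS.get(prog, []):
            if len(name) >= 4 and flag.startswith(name):
                return tok
    return None


def decide(command, safe_bins, ask_on_miss=True):
    """Allowlist-mode decision: "allow", "ask" (operator approval) or "deny".

    The vulnerable behaviour allowed any safe-bin invocation outright; the
    hardened rule here treats a delegating option like an allowlist miss, so
    under ask=on-miss it falls back to operator approval (an assumed policy).
    """
    argv = shlex.split(command)
    prog = argv[0].rsplit("/", 1)[-1] if argv else ""
    if prog not in safe_bins or delegating_option(argv):
        return "ask" if ask_on_miss else "deny"
    return "allow"
```

Removing 'sort' from safeBins (or upgrading) remains the real fix; an argument filter like this only reduces exposure while the allowlist still contains such a utility.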


Vulnerability details

OpenClaw versions prior to 2026.2.22 contain an allowlist bypass vulnerability in the safe-bin configuration when sort is manually added to tools.exec.safeBins. Attackers can invoke sort with the --compress-program flag to execute arbitrary external programs without operator approval in allowlist mode with ask=on-miss enabled.


Related Threats

MITRE ATT&CK Enterprise Techniques [AI]

T1202 Indirect Command Execution (Stealth)
Adversaries may abuse utilities that allow for command execution to bypass security restrictions that limit the use of command-line interpreters.
T1059.004 Unix Shell Execution
Adversaries may abuse Unix shell commands and scripts for execution.

Why these techniques?

The vulnerability is an allowlist bypass (CWE-78) that enables arbitrary program execution via the sort --compress-program flag, directly facilitating indirect command execution (T1202) and Unix shell abuse (T1059.004) to evade execution controls.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-27566 (same product: Openclaw Openclaw)
CVE-2026-28460 (same product: Openclaw Openclaw)
CVE-2026-31996 (same product: Openclaw Openclaw)
CVE-2026-32003 (same product: Openclaw Openclaw)
CVE-2026-22179 (same product: Openclaw Openclaw)
CVE-2026-32056 (same product: Openclaw Openclaw)
CVE-2026-32917 (same product: Openclaw Openclaw)
CVE-2026-28463 (same product: Openclaw Openclaw)
CVE-2026-43530 (same product: Openclaw Openclaw)
CVE-2026-22176 (same product: Openclaw Openclaw)

Affected Assets

Vendor: openclaw
Product: openclaw
Versions: ≤ 2026.2.22

Mitigating Controls (NIST 800-53 r5) [AI]

prevent: Directly requires timely remediation of the OpenClaw allowlist bypass flaw via patching to version 2026.2.22 or later.

prevent: Mandates authorization and enforcement of only approved software executables, aligning with and strengthening OpenClaw's safeBins allowlist mechanism.

prevent: Minimizes system functionality by excluding unnecessary tools like 'sort' from safeBins, eliminating the specific bypass vector exploited in this CVE.
