CVE-2026-32052
Published: 21 March 2026
Summary
CVE-2026-32052 is a medium-severity Interpretation Conflict (CWE-436) vulnerability in Openclaw's OpenClaw. Its CVSS base score is 6.4 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation of Remote Services (T1210). The vulnerability ranks at the 29.6th percentile by exploit likelihood (below the median), is not currently listed in the CISA KEV catalog, and has a publicly referenced proof of concept.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Mitigating Controls (NIST 800-53 r5)
- SI-10 (Information Input Validation): directly prevents the command injection by validating the inputs passed to the system.run shell wrapper, rejecting positional argv carriers that follow an inline shell payload and ensuring the approval text reflects everything that will execute.
- SI-2 (Flaw Remediation): ensures timely remediation of this specific command injection flaw by patching to OpenClaw 2026.2.24 or later.
- Least privilege: limits the damage from a successful injection by restricting what the low-privilege accounts the attack requires (PR:L) can do, so an arbitrary command runs with as little authority as possible.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The command injection in the shell wrapper is reachable over the network and yields arbitrary Unix shell command execution, which maps to Exploitation of Remote Services (T1210).
NVD Description
OpenClaw versions prior to 2026.2.24 contain a command injection vulnerability in the system.run shell-wrapper that allows attackers to execute hidden commands by injecting positional argv carriers after inline shell payloads. Attackers can craft misleading approval text while executing arbitrary commands through trailing positional arguments that bypass display context validation.
Deeper analysis
CVE-2026-32052 is a command injection vulnerability affecting OpenClaw versions prior to 2026.2.24, specifically in the system.run shell-wrapper component. The flaw allows attackers to execute hidden commands by injecting positional argv carriers after an inline shell payload: the approval text shown to the user reflects only the inline payload, while the trailing positional arguments, which bypass display context validation, change what the shell actually runs. It is rated with a CVSS v3.1 base score of 6.4 (AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:H) and is associated with CWE-436 (Interpretation Conflict) and CWE-77 (Command Injection).
Attackers with low privileges can exploit this vulnerability over the network, though it requires high attack complexity and user interaction. Successful exploitation allows arbitrary command execution, resulting in high integrity and availability impacts but no confidentiality impact.
The fix is in OpenClaw GitHub commits 0f0a680d3df81739ea5088a2f88e65f938b7936b and 55cf92578d266987e390c4bf688196af98eac748, documented in the GHSA-6rcp-vxwf-3mfp security advisory and in a detailed analysis from VulnCheck at https://www.vulncheck.com/advisories/openclaw-hidden-command-execution-via-shell-wrapper-positional-argv-carriers. Users should upgrade to OpenClaw 2026.2.24 or later to patch the issue.
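The following is an added illustration of the input-validation control (SI-10) described above; it is not OpenClaw code and does not reproduce the project's system.run wrapper. It assumes a hypothetical approval gate that receives the argv list a wrapper is about to execute. The defect class is generic to `sh -c SCRIPT ARG0 ARG1 ...`: the shell binds the trailing arguments to `$0`, `$1`, ... inside SCRIPT, so an approval screen that displays only SCRIPT hides part of what runs. The check below refuses inline payloads that carry positional arguments and always returns the full argv as the text that must be shown to the approver.

```python
"""Hypothetical approval-gate check for a shell wrapper (added example,
not OpenClaw's code). Flags `sh -c SCRIPT ARG...` invocations whose
trailing arguments would be bound to $0, $1, ... inside SCRIPT."""

import shlex
from dataclasses import dataclass
from typing import List, Optional

# Shells whose `-c` option takes an inline script followed by positional args.
SHELLS = {"sh", "bash", "dash", "zsh", "ksh"}


@dataclass
class Verdict:
    allowed: bool
    reason: str
    display: str  # text the approver must see: the complete argv, never just the script


def inline_script_index(argv: List[str]) -> Optional[int]:
    """Return the index of the inline script if argv is `<shell> [opts] -c SCRIPT ...`.

    Returns None when argv is not a shell, when the shell is given a script
    file instead of an inline payload, or when `-c` has no script after it.
    """
    if not argv:
        return None
    shell = argv[0].rsplit("/", 1)[-1]  # accept /bin/sh as well as sh
    if shell not in SHELLS:
        return None
    for i, tok in enumerate(argv[1:], start=1):
        if tok.startswith("--"):
            continue  # long options (e.g. --posix) take no script
        if tok.startswith("-") and "c" in tok[1:]:
            # `-c` or a combined short-option cluster such as `-ec`
            return i + 1 if i + 1 < len(argv) else None
        if not tok.startswith("-"):
            return None  # first non-option is a script path, not an inline payload
    return None


def check_shell_invocation(argv: List[str]) -> Verdict:
    """Decide whether an argv may proceed to approval and what must be displayed."""
    display = shlex.join(argv)  # the full command line, quoted for unambiguous display
    idx = inline_script_index(argv)
    if idx is None:
        return Verdict(True, "not an inline shell payload", display)
    trailing = argv[idx + 1:]
    if trailing:
        # These tokens become $0..$N inside the script; a display that shows only
        # argv[idx] would misrepresent what executes, so refuse rather than guess.
        reason = (f"inline shell payload carries {len(trailing)} positional "
                  f"argv carrier(s) bound to $0..${len(trailing) - 1}")
        return Verdict(False, reason, display)
    return Verdict(True, "inline shell payload without positional carriers", display)


if __name__ == "__main__":
    # Constructed sample invocations, not taken from the advisory.
    for sample in (["sh", "-c", "echo hello"],
                   ["/bin/sh", "-c", 'echo "$0"', "id"],
                   ["ls", "-la"]):
        v = check_shell_invocation(sample)
        print(("ALLOW " if v.allowed else "REJECT"), v.reason, "|", v.display)
```

The design choice worth noting is that the verdict carries the full, shell-quoted argv as the display string regardless of the outcome: even an allowed invocation is shown in its entirety, so the approver's decision is based on the same bytes the shell receives.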
Details
- CWE(s)