CVE-2026-32917
Published: 31 March 2026
Summary
CVE-2026-32917 is a critical-severity OS Command Injection (CWE-78) vulnerability in Openclaw Openclaw. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 30.9% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly mandates identification, reporting, and correction of flaws like the command injection in OpenClaw's iMessage attachment staging via timely patching to version 2026.3.13.
Requires validation of information inputs such as unsanitized iMessage attachment paths to block shell metacharacters before passing to the SCP command.
Restricts systems to least functionality by disabling non-essential remote attachment staging, eliminating the vulnerable SCP operand exposure.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
CVE enables unauthenticated remote exploitation of a public-facing application (T1190) via command injection using shell metacharacters in SCP operand, facilitating arbitrary Unix shell command execution (T1059.004).
NVD Description
OpenClaw before 2026.3.13 contains a remote command injection vulnerability in the iMessage attachment staging flow that allows attackers to execute arbitrary commands on configured remote hosts. The vulnerability exists because unsanitized remote attachment paths containing shell metacharacters are passed directly…
more
to the SCP remote operand without validation, enabling command execution when remote attachment staging is enabled.
Deeper analysisAI
CVE-2026-32917 is a remote command injection vulnerability (CWE-78) in OpenClaw versions before 2026.3.13. The flaw exists in the iMessage attachment staging flow, where unsanitized remote attachment paths containing shell metacharacters are passed directly to the SCP remote operand without validation. This allows attackers to execute arbitrary commands on configured remote hosts when remote attachment staging is enabled. Published on 2026-03-31, the vulnerability carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), marking it as critical.
The vulnerability can be exploited remotely by unauthenticated attackers (PR:N) over the network (AV:N) with low attack complexity (AC:L) and no user interaction (UI:N). By sending iMessage attachments with specially crafted paths embedding shell metacharacters, attackers can inject commands that execute on the targeted remote hosts during the SCP-based staging process, potentially achieving high confidentiality, integrity, and availability impacts (C:H/I:H/A:H).
Advisories recommend updating to OpenClaw 2026.3.13 or later to mitigate the issue, as detailed in the project's GitHub commit a54bf71b4c0cbe554a84340b773df37ee8e959de, the GitHub Security Advisory GHSA-g2f6-pwvx-r275, and the VulnCheck advisory on the remote command injection via unsanitized iMessage attachment paths in SCP.
Details
- CWE(s)