CVE-2026-32971
Published: 31 March 2026
Summary
CVE-2026-32971 is a high-severity User Interface (UI) Misrepresentation of Critical Information (CWE-451) vulnerability in OpenClaw. Its CVSS base score is 7.1 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Match Legitimate Resource Name or Location (T1036.005). The vulnerability is ranked at the 5.0th percentile by exploit likelihood (below the median), it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 CM-11 (User-installed Software) and SI-2 (Flaw Remediation).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
- Directly remediates the approval-integrity flaw in OpenClaw's node-host system.run display by applying the patches in version 2026.3.11.
- Prohibits low-privilege attackers from installing the wrapper binaries required to craft misleading commands for operator approval.
- Ensures audit records capture both the approved display text and the actual executed argv, enabling detection of UI mismatches after exploitation.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
UI misrepresentation in command approval directly facilitates masquerading (T1036.005) via wrapper binaries and wrapper-shaped commands, inducing operator approval (T1204.002) of unintended Unix shell execution (T1059.004).
NVD Description
OpenClaw before 2026.3.11 contains an approval-integrity vulnerability in node-host system.run approvals that displays extracted shell payloads instead of the executed argv. Attackers can place wrapper binaries and induce wrapper-shaped commands to execute local code after operators approve misleading command text.
Deeper analysis
CVE-2026-32971 is an approval-integrity vulnerability (CWE-451) in OpenClaw versions before 2026.3.11, affecting the node-host system.run approvals component. The flaw causes the approval interface to display extracted shell payloads instead of the actual executed argv, misrepresenting the commands presented to operators. Published on 2026-03-31, it carries a CVSS v3.1 base score of 7.1 (AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H).
An attacker with low privileges (PR:L) can exploit this vulnerability over the network (AV:N), though it requires high attack complexity (AC:H) and user interaction (UI:R) from an operator. By placing wrapper binaries and crafting wrapper-shaped commands, the attacker induces approvals based on misleading command text, enabling execution of unintended local code after operator approval. This achieves high impacts on confidentiality, integrity, and availability.
Mitigation details are outlined in the advisories at https://github.com/openclaw/openclaw/security/advisories/GHSA-rw39-5899-8mxp and https://www.vulncheck.com/advisories/openclaw-node-host-approval-ui-mismatch-allows-execution-of-unintended-commands; OpenClaw 2026.3.11 fixes the issue for affected versions.
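The following is an added illustration of the two defensive points on this page (rendering the approval prompt from the exact argv, and auditing the displayed text against the executed argv). It is not code from OpenClaw or from either advisory: the payload-extracting renderer is a hypothetical reconstruction of the display pattern the advisory describes, the function names are invented, and the command lines are constructed samples.

```javascript
// Hypothetical renderer that shows only the inner "-c" payload (a reconstruction
// of the pattern described in the advisory, not OpenClaw's code). It hides the
// program actually being spawned, so two different argvs can look identical.
function renderExtractedPayload(argv) {
  const i = argv.indexOf('-c');
  return i !== -1 && i + 1 < argv.length ? argv[i + 1] : argv.join(' ');
}

// Quote one argv element so a human reads exactly what execve-style spawning
// will receive: bare tokens stay as-is, everything else is single-quoted.
function shellQuote(arg) {
  return /^[A-Za-z0-9_\/.=:-]+$/.test(arg)
    ? arg
    : "'" + String(arg).replace(/'/g, "'\\''") + "'";
}

// Hardened renderer: the approval prompt is derived from the full argv,
// including argv[0], never from a payload extracted out of it.
function renderArgv(argv) {
  if (!Array.isArray(argv)) throw new TypeError('argv must be an array');
  return argv.map(shellQuote).join(' ');
}

// Audit record keeps both what the operator saw and what was executed.
function makeAuditRecord(displayed, argv, approvedBy) {
  return { displayed, argv: [...argv], approvedBy };
}

// Post-hoc check: recompute the canonical rendering from the stored argv and
// flag any record whose displayed text differs from it.
function displayMismatch(record) {
  return record.displayed !== renderArgv(record.argv);
}

function findMismatches(records) {
  return records.filter(displayMismatch);
}

// Constructed samples: an ordinary shell invocation and a wrapper-shaped one.
const sampleShell = ['/bin/sh', '-c', 'ls -l /tmp'];
const sampleWrapper = ['/tmp/wrapper', '-c', 'ls -l /tmp']; // constructed path

if (typeof require !== 'undefined' && require.main === module) {
  console.log('extracted :', renderExtractedPayload(sampleWrapper)); // same text as sampleShell
  console.log('full argv :', renderArgv(sampleWrapper));             // program path visible
  const records = [
    makeAuditRecord(renderExtractedPayload(sampleWrapper), sampleWrapper, 'operator-1'),
    makeAuditRecord(renderArgv(sampleShell), sampleShell, 'operator-1'),
  ];
  console.log('mismatched records:', findMismatches(records).length);
}
```

The design choice is that approval text is a pure function of the argv array, so the audit check can always be replayed later from the stored argv alone; any record whose displayed text cannot be regenerated that way is the signal a reviewer wants.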
Details
- CWE(s)