Is Command Injection affected by CVE-2026-32056?

OpenClaw systems running versions prior to 2026.2.22 are vulnerable to privilege escalation attacks where authenticated users can execute arbitrary code by manipulating shell environment variables.

CVE-2026-32056

EUVD-2026-13958 HIGH

2026-03-21 VulnCheck

GHSA-rj39-33v7-9xrq

GHSA-xgf2-vxv2-rrmg

7.5

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

High

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

PoC Detected

Mar 23, 2026 - 18:59 vuln.today

Public exploit code

Analysis Generated

Mar 21, 2026 - 01:00 vuln.today

EUVD ID Assigned

Mar 21, 2026 - 01:00 euvd

EUVD-2026-13958

Patch Released

Mar 21, 2026 - 01:00 nvd

Patch available

CVE Published

Mar 21, 2026 - 00:42 nvd

HIGH 7.5

Description

OpenClaw versions prior to 2026.2.22 fail to sanitize shell startup environment variables HOME and ZDOTDIR in the system.run function, allowing attackers to bypass command allowlist protections. Remote attackers can inject malicious startup files such as .bash_profile or .zshenv to achieve arbitrary code execution before allowlist-evaluated commands are executed.

Analysis

OpenClaw versions prior to 2026.2.22 contain a shell environment variable injection vulnerability in the system.run function that allows attackers to bypass command allowlist protections. Authenticated remote attackers with low privileges can inject malicious shell startup files (.bash_profile, .zshenv) via unsanitized HOME and ZDOTDIR variables to achieve arbitrary code execution before allowlisted commands execute. …

Remediation

Within 24 hours: Identify all systems running OpenClaw versions prior to 2026.2.22 and assess their criticality and exposure. Within 7 days: Apply vendor patch (commit c2c7114ed39a547ab6276e1e933029b9530ee906) to all affected systems, prioritizing production and externally-facing instances. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.2

CVSS: +38

POC: +20

CVE-2026-32056 vulnerability details – vuln.today

Back

CVE-2026-32056

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Remediation

Analysis

Full analysis requires sign-in

Priority Score

Share

CVE-2026-32056

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Remediation

Full analysis requires sign-in

Priority Score

Share

External POC / Exploit Code