CVE-2026-32063
Severity: HIGH
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
Description
OpenClaw version 2026.2.19-2 prior to 2026.2.21 contains a command injection vulnerability in systemd unit file generation where attacker-controlled environment values are not validated for CR/LF characters, allowing newline injection to break out of Environment= lines and inject arbitrary systemd directives. An attacker who can influence config.env.vars and trigger service install or restart can execute arbitrary commands with the privileges of the OpenClaw gateway service user.
Analysis
OpenClaw versions prior to 2026.2.21 allow local attackers with limited privileges to inject arbitrary systemd directives through unvalidated environment variables in unit file generation, enabling command execution with gateway service privileges. By manipulating config.env.vars and triggering service installation or restart, an attacker can bypass Environment= line constraints via newline injection to achieve arbitrary code execution. …
Remediation
Within 24 hours: Identify all systems running OpenClaw 2026.2.19-2 through 2026.2.20 and document their business criticality. Within 7 days: Implement input validation controls on environment variable sources and restrict systemd unit file generation to trusted administrative processes only. …
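As an added example (not OpenClaw's code), the input validation the remediation calls for: reject CR/LF and other control characters in config.env.vars before they are rendered into Environment= lines, and quote the surviving values with systemd's double-quote syntax so no value can terminate its line. The function names and the unit layout are assumptions for illustration.

```typescript
// Added example, not OpenClaw's code. Function names and unit layout are assumed.
class EnvVarError extends Error {}

// POSIX-style variable names only.
const NAME_RE = /^[A-Za-z_][A-Za-z0-9_]*$/;
// Reject every ASCII control character. CR or LF in a value would end the
// Environment= line and let the remainder be parsed as a new directive.
const CONTROL_RE = /[\x00-\x1f\x7f]/;

// Validate config.env.vars before any unit file is written. Throws on the
// first bad entry so a service install or restart never proceeds with it.
function validateEnvVars(vars: Record<string, string>): Record<string, string> {
  const clean: Record<string, string> = {};
  for (const [name, value] of Object.entries(vars)) {
    if (!NAME_RE.test(name)) {
      throw new EnvVarError(`invalid environment variable name: ${JSON.stringify(name)}`);
    }
    if (CONTROL_RE.test(value)) {
      throw new EnvVarError(`control character in value of ${name}`);
    }
    clean[name] = value;
  }
  return clean;
}

// systemd double-quoted assignment: backslash and double quote are escaped.
function quoteAssignment(name: string, value: string): string {
  const escaped = value.replace(/\\/g, "\\\\").replace(/"/g, '\\"');
  return `"${name}=${escaped}"`;
}

// Render a minimal user service unit; execStart is the installer's own value,
// not user-controlled, so only the environment block is validated here.
function renderServiceUnit(execStart: string, vars: Record<string, string>): string {
  const clean = validateEnvVars(vars);
  const lines = [
    "[Unit]",
    "Description=OpenClaw gateway (constructed example)",
    "",
    "[Service]",
    `ExecStart=${execStart}`,
  ];
  for (const [name, value] of Object.entries(clean)) {
    lines.push(`Environment=${quoteAssignment(name, value)}`);
  }
  lines.push("Restart=on-failure", "", "[Install]", "WantedBy=default.target", "");
  return lines.join("\n");
}
```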
External POC / Exploit Code
GHSA-vffc-f7r7-rx2w