Skip to main content

Openclaw CVE-2026-32917

| EUVDEUVD-2026-17371 CRITICAL
OS Command Injection (CWE-78)
2026-03-31 VulnCheck
9.2
CVSS 4.0 · NVD
Share

Severity by source

NVD PRIMARY
9.2 CRITICAL
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

4
EUVD ID Assigned
Mar 31, 2026 - 11:45 euvd
EUVD-2026-17371
Analysis Generated
Mar 31, 2026 - 11:45 vuln.today
Patch released
Mar 31, 2026 - 11:45 nvd
Patch available
CVE Published
Mar 31, 2026 - 11:17 nvd
CRITICAL 9.2

Blast Radius

ecosystem impact
† from your stack dependencies † transitive graph · vuln.today resolves 4-path depth
  • 9 npm packages depend on openclaw (5 direct, 4 indirect)

Ecosystem-wide dependent count for version 2026.3.13.

DescriptionCVE.org

OpenClaw before 2026.3.13 contains a remote command injection vulnerability in the iMessage attachment staging flow that allows attackers to execute arbitrary commands on configured remote hosts. The vulnerability exists because unsanitized remote attachment paths containing shell metacharacters are passed directly to the SCP remote operand without validation, enabling command execution when remote attachment staging is enabled.

AnalysisAI

Remote command injection in OpenClaw's iMessage attachment staging mechanism (versions prior to 2026.3.13) allows unauthenticated network attackers to execute arbitrary commands on configured remote hosts via malicious attachment paths. The critical flaw stems from unsanitized shell metacharacters passed directly to SCP operations, achieving full system compromise (CVSS 9.8) when remote attachment staging is enabled. EPSS data and KEV status not provided; publicly available exploit code exists (GitHub commit demonstrates the fix, implying POC-level understanding in security community).

Technical ContextAI

This vulnerability affects OpenClaw (cpe:2.3:a:openclaw:openclaw), manifesting as a CWE-78 OS Command Injection weakness. The flaw resides in the iMessage attachment staging workflow where the application constructs SCP (Secure Copy Protocol) commands to transfer attachments to remote hosts. The vulnerability occurs because user-controlled attachment path data-specifically remote attachment paths embedded in iMessage metadata-are concatenated into shell commands without proper input sanitization or validation. Shell metacharacters (such as semicolons, pipes, backticks, or command substitution syntax) embedded in these paths are interpreted by the underlying shell during SCP execution, breaking out of the intended command context. This is a classic example of improper neutralization of special elements used in OS commands, where the trust boundary between user input and system command execution is not enforced. The vulnerability requires remote attachment staging to be enabled in the OpenClaw configuration, suggesting this is an optional feature for distributed or cloud-based deployment scenarios.

RemediationAI

Vendor-released patch: OpenClaw version 2026.3.13 or later. Organizations running affected versions should immediately upgrade to OpenClaw 2026.3.13, which implements proper input validation and sanitization of remote attachment paths before passing them to SCP operations. The specific remediation commit is available at https://github.com/openclaw/openclaw/commit/a54bf71b4c0cbe554a84340b773df37ee8e959de for technical review and verification. As an interim workaround for environments where immediate patching is not feasible, administrators should disable remote attachment staging functionality in OpenClaw configuration files until the upgrade can be completed. This workaround completely eliminates the attack vector but may impact operational workflows dependent on remote attachment processing. Network-level controls such as restricting access to OpenClaw instances via firewall rules or VPN requirements can reduce exposure but do not eliminate risk from internal threats or lateral movement scenarios. Post-upgrade, administrators should audit logs for suspicious SCP command execution patterns or unexpected remote command activity that may indicate prior exploitation attempts. Refer to the official GitHub security advisory (GHSA-g2f6-pwvx-r275) for additional vendor guidance and detection strategies.

CVE-2026-28446 CRITICAL POC
9.4 Mar 05

Auth bypass in OpenClaw voice-call extension before 2026.2.1. EPSS 0.68%. PoC and patch available.

CVE-2026-33579 CRITICAL POC
9.4 Mar 31

Privilege escalation in OpenClaw (pre-2026.3.28) allows unauthenticated remote attackers to gain administrative access b

CVE-2026-32042 HIGH POC
8.8 Mar 21

OpenClaw versions 2026.2.22 through 2026.2.24 contain a privilege escalation vulnerability that allows authenticated att

CVE-2026-32051 HIGH POC
8.8 Mar 21

An authorization mismatch vulnerability in OpenClaw versions prior to 2026.3.1 allows authenticated users with operator.

CVE-2026-25253 HIGH POC
8.8 Feb 01

OpenClaw versions prior to 2026.1.29 automatically establish WebSocket connections to attacker-controlled gateway URLs e

CVE-2026-32846 HIGH POC
8.7 Mar 26

Path traversal in OpenClaw through version 2026.3.23 enables unauthenticated remote attackers to read arbitrary files in

CVE-2026-32064 HIGH POC
7.7 Mar 21

OpenClaw sandbox browser functionality launches x11vnc for noVNC observer sessions without requiring authentication, all

CVE-2026-32055 HIGH POC
7.6 Mar 21

OpenClaw versions before 2026.2.26 allow authenticated attackers to write arbitrary files outside the workspace director

CVE-2026-32056 HIGH POC
7.5 Mar 21

OpenClaw versions prior to 2026.2.22 contain a shell environment variable injection vulnerability in the system.run func

CVE-2026-32049 HIGH POC
7.5 Mar 21

OpenClaw versions prior to 2026.2.22 contain a resource exhaustion vulnerability where the application fails to consiste

CVE-2026-32048 HIGH POC
7.5 Mar 21

OpenClaw versions prior to 2026.3.1 contain a sandbox escape vulnerability that allows authenticated attackers with low

CVE-2026-25474 HIGH POC
7.5 Feb 19

OpenClaw versions 2026.1.30 and below fail to validate Telegram webhook secret tokens when `channels.telegram.webhookSec

Share

CVE-2026-32917 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy