OpenClaw Approval Bypass Vulnerability Allows Unexpected Command Execution
CVE-2026-32065
Summary
Old versions of OpenClaw may allow a malicious user to trick an approver into running a different command than what they thought they approved. This could happen if the attacker can influence the command line arguments and reuse an existing approval. To fix this, update to OpenClaw version 2026.2.25 or later.
Original title
OpenClaw versions prior to 2026.2.25 contain an approval-integrity bypass vulnerability in system.run where rendered command text is used as approval identity while trimming argv token whitespace, ...
Original description
OpenClaw versions prior to 2026.2.25 contain an approval-integrity bypass vulnerability in system.run where rendered command text is used as approval identity while trimming argv token whitespace, but runtime execution uses raw argv. An attacker can craft a trailing-space executable token to execute a different binary than what the approver displayed, allowing unexpected command execution under the OpenClaw runtime user when they can influence command argv and reuse an approval context.
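The defect class described above, as an added illustration that is not OpenClaw's code: an approval key derived from the rendered, per-token-trimmed command text collides for two argv arrays that differ only in whitespace, while a key derived from the raw argv does not. All function and variable names here are assumptions for the example, and the argv samples are constructed.

```typescript
// Vulnerable pattern: approval identity is computed from the rendered command
// text with each argv token trimmed, but execution later uses the raw argv.
function renderedApprovalKey(argv: string[]): string {
  return argv.map((tok) => tok.trim()).join(" ");
}

// Hardened pattern: derive the identity from the raw argv tokens using an
// encoding that preserves token boundaries and every byte, so any difference
// (including leading or trailing whitespace) produces a different key.
function rawArgvApprovalKey(argv: string[]): string {
  return JSON.stringify(argv);
}

// Render tokens for the approver with whitespace made visible, so the text
// shown for approval cannot silently differ from what will be executed.
function renderForApprover(argv: string[]): string {
  return argv.map((tok) => JSON.stringify(tok)).join(" ");
}

// Execution-time check: run only if the key of the exact argv about to be
// executed matches the key that was approved.
function mayExecute(approvedKey: string, argv: string[]): boolean {
  return rawArgvApprovalKey(argv) === approvedKey;
}

// Constructed sample: the command the approver saw and approved.
const approvedArgv: string[] = ["ls", "-la"];
// Constructed sample: same rendered text after trimming, but the first token
// carries trailing whitespace and therefore names a different executable.
const variantArgv: string[] = ["ls ", "-la"];

interface DemoResult {
  renderedCollide: boolean; // true: vulnerable key treats both as identical
  rawCollide: boolean;      // false: hardened key tells them apart
  executes: boolean;        // false: hardened check refuses the variant
}

function demo(): DemoResult {
  const approvedKey = rawArgvApprovalKey(approvedArgv);
  return {
    renderedCollide: renderedApprovalKey(approvedArgv) === renderedApprovalKey(variantArgv),
    rawCollide: rawArgvApprovalKey(approvedArgv) === rawArgvApprovalKey(variantArgv),
    executes: mayExecute(approvedKey, variantArgv),
  };
}
```

Logging `renderForApprover(argv)` alongside the raw key at approval time gives responders a record that exposes whitespace differences rather than hiding them.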
NVD CVSS 3.1: 4.8
NVD CVSS 4.0: 5.7
Vulnerability type: CWE-436 (Interpretation Conflict)
Published: 21 Mar 2026 · Updated: 21 Mar 2026 · First seen: 21 Mar 2026