CVE-2026-32032

OpenClaw versions prior to 2026.2.22 contain an arbitrary shell execution vulnerability in shell environment fallback that trusts the unvalidated SHELL path from the host environment. An attacker with local environment access can inject a malicious SHELL variable to execute arbitrary commands wit...

CVE-2026-32032

creationtimestamp| type| source ---|---|--- 2026-03-24 08:40:09+00:00| seen| https://bsky.app/profile/cyberhub.blog/post/3mhs6gob26z2b...

CVE-2026-32032

OpenClaw vulnerable versions prior to 2026.2.22 allow arbitrary shell execution by trusting an unvalidated SHELL path from the host environment. A local attacker with environment access can inject a malicious SHELL variable to run commands with the OpenClaw process privileges. Impact is high (con...

vantuz (>=3.3.2 <=3.3.7) potentially affected by CVE-2026-32032 via openclaw (=0.0.1)

openclaw NPM version =0.0.1 is affected by a known vulnerability. The following packages have a transitive dependency on openclaw and may be impacted: - vantuz =3.3.2, =3.3.7 Source cves: CVE-2026-32032 Source advisory: OSV:GHSA-F8MP-VJ46-CQ8V...