3 matches found
CVE-2026-32052
OpenClaw versions prior to 2026.2.24 contain a command injection vulnerability in the system.run shell-wrapper that allows attackers to execute hidden commands by injecting positional argv carriers after inline shell payloads. Attackers can craft misleading approval text while executing arbitrary...
CVE-2026-32052
OpenClaw is affected as of versions prior to 2026.2.24, with a command injection in the system.run shell-wrapper. The attack vector involves injecting trailing positional argv carriers after inline shell payloads, enabling execution of hidden commands while a misleading approval text is displayed...
CVE-2026-32052 OpenClaw < 2026.2.24 - Hidden Command Execution via Shell-Wrapper Positional argv Carriers
OpenClaw versions prior to 2026.2.24 contain a command injection vulnerability in the system.run shell-wrapper that allows attackers to execute hidden commands by injecting positional argv carriers after inline shell payloads. Attackers can craft misleading approval text while executing arbitrary...