CVE-2026-32047

OpenClaw before 2026.2.22 contains an allowlist bypass vulnerability in system.run that allows attackers to execute non-allowlisted commands by splitting command substitution using shell line-continuation. Attackers can bypass shell-wrapper analysis by injecting $ followed by newline and ( inside double quotes, causing the shell runtime to fold the payload into $(...)and execute arbitrary subcommands.