CVE-2026-32901

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.3.2

Description The software contains a semantic drift issue within the node system's run approval hardening mechanism. This flaw allows rewriting of wrapper command arguments (argv), potentially enabling the execution of unintended local scripts. An attacker who can control the wrapper argv and place malicious files in the approved working directory can exploit this by rewriting arguments, altering runtime behavior from approved command text.

Recommendations Update to version 2026.3.2 or later.