CVE-2026-32901

OpenClaw before 2026.3.2 contains a semantic drift vulnerability in node system.run approval hardening that rewrites wrapper command argv, allowing execution of unintended local scripts. Attackers who can influence wrapper argv and place malicious files in the approved working directory can execute arbitrary scripts by exploiting argv rewriting that changes runtime behavior from approved command text.