PT-2026-27242 · Openclaw · Openclaw

Tdjackey · Published 2026-03-23 · Updated 2026-03-24 · CVE-2026-32910

CVSS v3.1: 7.3 High

Vector: AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

OpenClaw versions prior to 2026.3.1

Description

The software contains a flaw where the approval process can be bypassed, potentially allowing unauthorized binary execution. Specifically, the system.run function fails to properly bind executable identity when handling non-path-like arguments in argv[0]. This allows an attacker to modify the PATH resolution after approval, leading to the execution of a different binary than the one initially approved by the operator.

Recommendations

Update to version 2026.3.1 or later.
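The description's failure mode, shown from the defender's side as an added example (not OpenClaw's code or its actual fix): an approval that resolves a bare argv[0] once, pins the absolute path and file digest, and spawns only that pinned path. `Approval`, `approve`, `exec_argv` and `demo` are hypothetical names, and the two `tool` scripts are constructed sample input.

```python
import hashlib
import os
import shutil
import tempfile
from dataclasses import dataclass

@dataclass(frozen=True)
class Approval:
    argv: tuple      # argv exactly as shown to the operator
    exe_path: str    # absolute, symlink-resolved path pinned at approval time
    sha256: str      # digest of the file the operator actually approved

def _digest(path):
    with open(path, "rb") as f:
        return hashlib.sha256(f.read()).hexdigest()

def approve(argv, path_env):
    """Resolve argv[0] once, at approval time, and bind the result."""
    found = shutil.which(argv[0], path=path_env)
    if found is None:
        raise FileNotFoundError(argv[0])
    real = os.path.realpath(found)
    return Approval(tuple(argv), real, _digest(real))

def exec_argv(approval):
    """Return the argv to spawn: pinned absolute path, no second PATH lookup."""
    if _digest(approval.exe_path) != approval.sha256:
        raise PermissionError("executable changed since approval")
    return [approval.exe_path, *approval.argv[1:]]

def demo():
    """Constructed scenario: same bare name in two directories, PATH reordered."""
    root = tempfile.mkdtemp()
    paths = {}
    for name in ("approved", "other"):
        d = os.path.join(root, name)
        os.mkdir(d)
        paths[name] = os.path.join(d, "tool")
        with open(paths[name], "w") as f:
            f.write("#!/bin/sh\necho %s\n" % name)
        os.chmod(paths[name], 0o700)
    a, o = (os.path.dirname(paths[k]) for k in ("approved", "other"))
    approval = approve(["tool", "--flag"], a + os.pathsep + o)
    # Name-only binding: a later lookup under a reordered PATH picks the other file.
    late = shutil.which("tool", path=o + os.pathsep + a)
    return approval, exec_argv(approval), late, paths
```

A short window remains between the digest check and the spawn, so the pinned path should also live in a directory the requesting user cannot write to.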

Fix

Untrusted Search Path


Weakness Enumeration

Related Identifiers

CVE-2026-32910

Affected Products

Openclaw