PT-2026-27244 · Microsoft+1 · Windows+1
Tdjackey
·
Published
2026-03-23
·
Updated
2026-03-24
·
CVE-2026-32912
CVSS v3.1
5.8
Medium
| Vector | AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:L |
Name of the Vulnerable Software and Affected Versions
OpenClaw versions 2026.2.26 through 2026.3.0
Description
The software contains a current working directory injection flaw in the Windows wrapper resolution process for .cmd/.bat files, potentially leading to shell execution fallback. This allows attackers to manipulate the current working directory, altering wrapper resolution behavior and resulting in command execution integrity loss.
Recommendations
Update to version 2026.3.1 or later.
Fix
Untrusted Search Path
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Openclaw
Windows