CVE-2026-32912

CVSS v3.1

5.8

Medium

AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:L

OpenClaw versions 2026.2.26 before 2026.3.1 contain a current working directory injection vulnerability in Windows wrapper resolution for .cmd/.bat files that allows shell execution fallback. Attackers can manipulate the current working directory to alter wrapper resolution behavior and achieve command execution integrity loss.

Fix

Untrusted Search Path

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-426

Related Identifiers

CVE-2026-32912

Affected Products

Openclaw

CVE-2026-32912

Weakness Enumeration

Related Identifiers

Affected Products

References · 3