PT-2026-29231 · Openclaw · Openclaw

Tdjackey · Published 2026-03-13 · Updated 2026-04-01 · CVE-2026-32971

CVSS v3.1: 8.0 (High)

Vector: AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

OpenClaw versions prior to 2026.3.11

Description

The software contains an approval-integrity issue in the node-host system.run approvals functionality. The approval prompt can display an extracted shell payload instead of the arguments that are actually executed. An attacker can leverage this by placing wrapper binaries and inducing wrapper-shaped commands, potentially leading to local code execution after an operator approves misleading command text.

Recommendations

Update to version 2026.3.11 or later.

Fix

Weakness Enumeration

UI Misrepresentation of Critical Information
Incorrect Authorization

Related Identifiers

CVE-2026-32971
GHSA-RW39-5899-8MXP
GHSA-W8RF-7QF8-65WW

Affected Products

Openclaw