CVE-2026-32052 — MEDIUM (6.4)

Q: How severe is CVE-2026-32052?

CVE-2026-32052 has been rated MEDIUM with a CVSS base score of 6.4/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2026-32052?

Check the references section above for vendor advisories and patch information. Affected products include: Openclaw Openclaw.

Vulnerability Description

OpenClaw versions prior to 2026.2.24 contain a command injection vulnerability in the system.run shell-wrapper that allows attackers to execute hidden commands by injecting positional argv carriers after inline shell payloads. Attackers can craft misleading approval text while executing arbitrary commands through trailing positional arguments that bypass display context validation.

CVSS Score

6.4

MEDIUM

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

NONE

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Openclaw	Openclaw	< 2026.2.24

Related Weaknesses (CWE)

CWE-436 CWE-77

References

FAQ

What is CVE-2026-32052?

CVE-2026-32052 is a vulnerability with a CVSS score of 6.4 (MEDIUM). OpenClaw versions prior to 2026.2.24 contain a command injection vulnerability in the system.run shell-wrapper that allows attackers to execute hidden commands by injecting positional argv carriers af...

How severe is CVE-2026-32052?

CVE-2026-32052 has been rated MEDIUM with a CVSS base score of 6.4/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2026-32052?

Check the references section above for vendor advisories and patch information. Affected products include: Openclaw Openclaw.