CVE-2026-32065 MEDIUM

CVE-2026-32065: OpenClaw < 2026.2.25 - Approval Identity Mismatch in system.run Command Execution

Vendor Openclaw
Product OpenClaw
Weakness CWE-436
Published March 21, 2026
Last update March 21, 2026

CVSS base score

5.7/10
Attack vector Network
Attack complexity High
Privileges required Low
User interaction Active
Confidentiality None
Integrity High

CVSS vector

CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

Description

OpenClaw versions prior to 2026.2.25 contain an approval-integrity bypass vulnerability in system.run: the rendered command text, built with whitespace trimmed from each argv token, is used as the approval identity, but runtime execution uses the raw, untrimmed argv. An attacker who can influence the command argv and reuse an approval context can craft an executable token with trailing whitespace so that a different binary runs than the one shown to the approver, resulting in unexpected command execution under the OpenClaw runtime user.
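The weakness described above is a normalization mismatch between what is approved and what is executed. The following Python model is an added illustration, not OpenClaw's code: `render_command`, `approval_id_rendered`, `approval_id_argv` and `argv_is_canonical` are hypothetical names, and the argv lists are constructed sample input. It shows why an approval keyed on trimmed, rendered text also covers an argv whose first token carries trailing whitespace, and how keying the approval on the exact argv list (plus rejecting tokens that differ from their displayed form) closes the gap.

```python
"""Approval identity vs. executed argv: vulnerable and hardened patterns.

Added example for illustration; not the project's own implementation.
"""
import hashlib
import json


def render_command(argv):
    # Display form shown to the approver: every token trimmed, then space-joined.
    # Two different argv lists can render to the same string.
    return " ".join(tok.strip() for tok in argv)


def approval_id_rendered(argv):
    # Vulnerable pattern (hypothetical): the approval is keyed on the rendered
    # text, so any argv that renders identically is treated as already approved.
    return hashlib.sha256(render_command(argv).encode("utf-8")).hexdigest()


def approval_id_argv(argv):
    # Hardened pattern (hypothetical): the approval is keyed on the exact argv
    # list that will be executed, byte for byte, using a canonical encoding.
    canonical = json.dumps(list(argv), ensure_ascii=False, separators=(",", ":"))
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()


def approval_covers(approval_id_fn, approved_argv, executed_argv):
    # True if the stored approval for approved_argv would be accepted for
    # executed_argv under the given identity scheme.
    return approval_id_fn(approved_argv) == approval_id_fn(executed_argv)


def argv_is_canonical(argv):
    # Defensive pre-check: refuse argv whose tokens would be altered by the
    # display trimming, so what the approver sees is exactly what runs.
    return all(tok == tok.strip() for tok in argv)


def compare_schemes(approved_argv, executed_argv):
    # Summarise how each scheme treats the pair; used by the demo below.
    return {
        "renders_identically": render_command(approved_argv) == render_command(executed_argv),
        "rendered_id_accepts": approval_covers(approval_id_rendered, approved_argv, executed_argv),
        "argv_id_accepts": approval_covers(approval_id_argv, approved_argv, executed_argv),
        "executed_is_canonical": argv_is_canonical(executed_argv),
    }


if __name__ == "__main__":
    # Constructed sample: the approver was shown "ls -l"; the executed argv
    # carries a trailing space on the executable token.
    approved = ["ls", "-l"]
    executed = ["ls ", "-l"]
    for key, value in compare_schemes(approved, executed).items():
        print(f"{key}: {value}")
```

The rendered-text scheme reports the two argv lists as the same approved command; the argv-keyed scheme does not, and the canonical check flags the executed argv before any identity is computed. The fix is to derive the approval identity from the data actually handed to the executor, never from a display string produced by a lossy transform.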

Key dates

Disclosure timeline

March 21, 2026 CVE published
March 21, 2026 Record updated