CVE-2026-32056
OpenClaw's shell startup env injection bypasses system.run allowlist intent (RCE class)
Description
### Summary `system.run` environment sanitization allowed shell-startup env overrides (`HOME`, `ZDOTDIR`) that can execute attacker-controlled startup files before allowlist-evaluated command bodies. ### Affected Packages / Versions - Package: `openclaw` (npm) - Affected: `<= 2026.2.21-2` (latest published vulnerable version) - Planned patched version: `>= 2026.2.22` ### Technical Details In affected versions: - Env sanitization blocked many dangerous keys, but not startup-sensitive override keys (`HOME`, `ZDOTDIR`) in host exec env paths. - Shell-wrapper analysis for allowlist mode models command bodies, but not shell startup side effects. - Runtime execution used sanitized env, so attacker-provided startup-key overrides could run hidden startup payloads first. Observed exploit vectors: - `HOME` + `bash -lc` + malicious `.bash_profile` - `ZDOTDIR` + `zsh -c` + malicious `.zshenv` ### Fix Commit(s) - `c2c7114ed39a547ab6276e1e933029b9530ee906` ### Release Process Note `patched_versions` is pre-set to the planned next release (`>= 2026.2.22`). After the npm release is published, this advisory can be published directly. OpenClaw thanks @tdjackey for reporting.
How to fix CVE-2026-32056
To remediate CVE-2026-32056, upgrade the affected package to a fixed version below.
- —upgrade to 2026.2.22 or later
Is CVE-2026-32056 being exploited?
Low — EPSS is 0.2%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 2026.2.22