#VU125151 Interpretation Conflict in OpenClaw - CVE-2026-32971
Published: April 8, 2026
OpenClaw
Description
The vulnerability allows a remote user to execute local code.
The vulnerability exists due to an interpretation conflict in node-host system.run approvals when displaying approval text for wrapper-shaped commands. A remote user can induce the operator to approve misleading command text and thereby execute local code.
User interaction is required, and exploitation depends on the ability to place or select a local wrapper binary.