Untrusted search path in OpenClaw - CVE-2026-32032


Published: May 1, 2026


Vulnerability identifier: #VU128823
CSH Severity: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2026-32032
CWE-ID: CWE-426
Exploitation vector: Local access
Exploit availability: No public exploit available
Vulnerable software:
OpenClaw
Software vendor:
OpenClaw

Description

The vulnerability allows a local user to execute an attacker-controlled shell.

The vulnerability exists due to an untrusted search path (CWE-426) in the shell environment fallback logic: when the shell is invoked from an inherited, untrusted host environment, the value of the SHELL environment variable is used without validation. A local user can set SHELL to an attacker-controlled executable and have that executable run as the shell.

Exploitation requires prior compromise of the local environment or injection of an untrusted startup environment.
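As an added illustration (not OpenClaw's code; the function names, the default shell and the use of an /etc/shells-style allowlist are assumptions), the CWE-426 fallback pattern described above next to a hardened resolver that only honours an inherited SHELL when the caller marks the environment as trusted and the value is a normalised absolute path on the allowlist:

```python
import os
from typing import Callable, FrozenSet, Mapping

# Constructed default for this example; the page gives no value for OpenClaw.
DEFAULT_SHELL = "/bin/sh"


def resolve_shell_unsafe(env: Mapping[str, str]) -> str:
    """CWE-426 pattern: whatever SHELL the inherited environment carries is
    used as the shell, so whoever controls the startup environment picks
    the executable that runs."""
    return env.get("SHELL", DEFAULT_SHELL)


def parse_etc_shells(text: str) -> FrozenSet[str]:
    """Parse /etc/shells-style text (one absolute path per line; '#'
    comments and blank lines ignored) into an allowlist."""
    paths = set()
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            paths.add(line)
    return frozenset(paths)


def _is_executable_file(path: str) -> bool:
    return os.path.isfile(path) and os.access(path, os.X_OK)


def resolve_shell_hardened(
    env: Mapping[str, str],
    allowed_shells: FrozenSet[str],
    trust_env: bool = False,
    default: str = DEFAULT_SHELL,
    is_executable: Callable[[str], bool] = _is_executable_file,
) -> str:
    """Honour SHELL only if the environment is trusted AND the value is an
    absolute, already-normalised path that is allowlisted and executable;
    otherwise fall back to the fixed default."""
    if not trust_env:
        return default
    candidate = env.get("SHELL", "")
    if not candidate or not os.path.isabs(candidate):
        return default
    if os.path.normpath(candidate) != candidate:  # rejects /bin/../tmp/x
        return default
    if candidate not in allowed_shells or not is_executable(candidate):
        return default
    return candidate
```

The `is_executable` parameter exists so the check can be exercised without touching the real filesystem; in production leave it at its default.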


Remediation

Install the security update from the vendor's website.

External links