Arbitrary Argument Injection in openclaw

Q: How to fix?

Upgrade openclaw to version 2026.3.2-beta.1 or higher.

Introduced: 3 Mar 2026

How to fix?

Upgrade openclaw to version 2026.3.2-beta.1 or higher.

Overview

openclaw is a 🦞 OpenClaw — Personal AI Assistant

Affected versions of this package are vulnerable to Arbitrary Argument Injection via the system.run process. An attacker can execute unintended local scripts by manipulating the wrapper arguments and placing a malicious file in the approved working directory, leading to a divergence between the approved command and the executed behavior. This is only exploitable if the attacker can influence the wrapper arguments, place a local file in the approved working directory, and the operator grants approval for the displayed command.

References

GitHub Commit

CVSS Base Scores

version 4.0

version 3.1

Attack Vector (AV)
Local
Attack Complexity (AC)
High
Attack Requirements (AT)
Present
Privileges Required (PR)
Low
User Interaction (UI)
Passive

Confidentiality (VC)
High
Integrity (VI)
High
Availability (VA)
High

Confidentiality (SC)
None
Integrity (SI)
None
Availability (SA)
None

Arbitrary Argument Injection Affecting openclaw package, versions >=2026.3.1 <2026.3.2-beta.1

Severity

Do your applications use this vulnerable package?

Introduced: 3 Mar 2026

How to fix?

Overview

References

CVSS Base Scores

Snyk