CVE-2026-32056 Overview
OpenClaw versions prior to 2026.2.22 contain a command injection vulnerability in the system.run function: it passes shell startup environment variables through to the spawned shell unsanitized. Specifically, HOME and ZDOTDIR are not sanitized, so an attacker who controls them can bypass the command allowlist. A remote attacker can plant a malicious startup file such as .bash_profile or .zshenv in a directory those variables point to and achieve arbitrary code execution before the allowlist-approved command runs.
Critical Impact
Remote attackers can achieve arbitrary code execution by bypassing command allowlist protections through shell startup environment variable injection, potentially leading to full system compromise.
Affected Products
- OpenClaw versions prior to 2026.2.22
- OpenClaw for Node.js (all versions before the patch)
Discovery Timeline
- 2026-03-21 - CVE-2026-32056 published to NVD
- 2026-03-23 - Last updated in NVD database
Technical Details for CVE-2026-32056
Vulnerability Analysis
This vulnerability (CWE-78: OS Command Injection) exists in the system.run function of OpenClaw. The function enforces a command allowlist to restrict which commands can be executed, but it runs the approved command through a shell and does not account for that shell's initialization behavior. When a shell starts, it sources startup files from locations derived from environment variables: bash reads $HOME/.bash_profile for login shells and $HOME/.bashrc for interactive shells, and zsh reads $ZDOTDIR/.zshenv (falling back to $HOME/.zshenv) on every invocation, including non-interactive zsh -c runs.
By controlling these variables, an attacker points the shell at a directory containing malicious startup scripts. The shell sources them before it runs the allowlisted command, so the allowlist check passes honestly yet constrains nothing, and the attacker's code executes with the privileges of the application.
Root Cause
The root cause is insufficient sanitization of the shell startup environment variables (HOME and ZDOTDIR) that system.run hands to the shell it spawns. The allowlist was designed to restrict which command is run, but it did not consider that the shell automatically executes code from startup files before that command. This is an ordering gap in shell initialization rather than a race condition: untrusted startup code always runs first, and the allowlist logic itself is never violated.
Attack Vector
The attack is network-based and requires low privileges. An attacker can exploit this vulnerability by:
- Setting the HOME or ZDOTDIR environment variable to point to an attacker-controlled directory
- Placing a malicious shell startup file (.bash_profile, .bashrc, .zshenv, or .zshrc) in that directory
- Invoking the system.run function with any allowlisted command
- The shell sources the malicious startup file automatically, before it executes the allowlisted command
- Arbitrary code executes with the privileges of the OpenClaw application
The allowlist is not defeated by malformed input; it approves a legitimate command. The bypass lies in the shell's initialization sequence, which sources startup files before any command is executed, so the allowlist never constrains what the shell actually runs.
Detection Methods for CVE-2026-32056
Indicators of Compromise
- Unexpected modifications to HOME or ZDOTDIR environment variables in application contexts
- Creation of shell startup files (.bash_profile, .bashrc, .zshenv, .zshrc) in unusual directories
- Anomalous process execution chains where OpenClaw spawns unexpected child processes
- Network connections originating from processes spawned by OpenClaw that are not part of normal operations
Detection Strategies
- Monitor for environment variable manipulation targeting HOME and ZDOTDIR in application logs
- Implement file integrity monitoring on directories that could be used for shell startup file injection
- Use application-level logging to track all system.run function invocations and their environment contexts
- Deploy endpoint detection rules to identify shell processes executing from non-standard home directories
Monitoring Recommendations
- Enable verbose logging for the OpenClaw application to capture environment variable states during system.run calls
- Configure SIEM rules to alert on suspicious combinations of environment variable changes followed by shell command execution
- Monitor for process creation events where the parent process is OpenClaw and the child exhibits unusual behavior
How to Mitigate CVE-2026-32056
Immediate Actions Required
- Upgrade OpenClaw to version 2026.2.22 or later immediately
- Audit existing deployments for signs of exploitation by reviewing logs for unusual environment variable manipulation
- Restrict network access to systems running vulnerable OpenClaw versions until patching is complete
- Review and harden environment variable handling in any custom integrations with OpenClaw
Patch Information
The vulnerability has been addressed in OpenClaw version 2026.2.22, which sanitizes the HOME and ZDOTDIR environment variables before shell command execution. The fix is published as a GitHub commit, and further details are in the project's GitHub Security Advisory.
Workarounds
- Implement application-level controls to explicitly set HOME and ZDOTDIR to safe, known values before calling system.run
- Use containerization to isolate OpenClaw instances and limit the impact of potential exploitation
- Deploy network segmentation to restrict access to systems running vulnerable OpenClaw versions
- Consider invoking the shell in a mode that skips startup files if your use case allows: bash --norc --noprofile for interactive and login startup files (and clear BASH_ENV, which a non-interactive bash -c still honours), or zsh -f (--no-rcs) to skip $ZDOTDIR/.zshenv and the other user startup files
# Configuration example: sanitize the environment handed to the child shell
# (these values must be present in the environment passed to the shell that
# system.run spawns, not merely in the parent's login session)
export HOME=/var/empty
export ZDOTDIR=/var/empty
# Ensure the directory exists, is not writable by the application user,
# and contains no shell startup files
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

