Description
OpenClaw before 2026.3.13 contains a remote command injection vulnerability in the iMessage attachment staging flow that allows attackers to execute arbitrary commands on configured remote hosts. The vulnerability exists because unsanitized remote attachment paths containing shell metacharacters are passed directly to the SCP remote operand without validation, enabling command execution when remote attachment staging is enabled.
Published: 2026-03-31
Score: 9.2 Critical
EPSS: < 1% Very Low
KEV: No
Impact: Remote Command Execution
Action: Immediate Patch
AI Analysis

Impact

The vulnerability allows an attacker to inject arbitrary shell commands into the scp remote operand via unsanitized iMessage attachment paths. During remote attachment staging, the paths are passed directly to the command without validation, enabling remote command execution on the configured host. This can compromise confidentiality, integrity, and availability of the remote system.

Affected Systems

Affected systems are all installations of OpenClaw prior to version 2026.3.13. The flaw resides in the SCP component used by the iMessage attachment staging flow. Any deployment that has remote attachment staging enabled is susceptible.

Risk and Exploitability

The CVSS score of 9.2 classifies this flaw as critical. While EPSS data is unavailable, the high score indicates that exploitation is likely if the remote host can be configured for attachment staging. The vulnerability is not listed in the CISA KEV catalog, but its nature and score warrant immediate attention. Attackers with the ability to influence the attachment staging configuration can trigger the injection, resulting in arbitrary command execution.

Generated by OpenCVE AI on March 31, 2026 at 12:25 UTC.

Remediation

No vendor fix or workaround is currently provided.

OpenCVE Recommended Actions

  • Upgrade to OpenClaw version 2026.3.13 or later to eliminate the unsanitized path handling.
  • If an immediate upgrade is not feasible, disable remote attachment staging in the OpenClaw configuration to prevent the exploit from working.


Advisories

No advisories yet.

History

Tue, 31 Mar 2026 14:15:00 +0000

Type: Metrics
Values Removed: (none)
Values Added: ssvc {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Tue, 31 Mar 2026 11:45:00 +0000

Type: Description
Values Removed: (none)
Values Added: OpenClaw before 2026.3.13 contains a remote command injection vulnerability in the iMessage attachment staging flow that allows attackers to execute arbitrary commands on configured remote hosts. The vulnerability exists because unsanitized remote attachment paths containing shell metacharacters are passed directly to the SCP remote operand without validation, enabling command execution when remote attachment staging is enabled.

Type: Title
Values Removed: (none)
Values Added: OpenClaw < 2026.3.13 - Remote Command Injection via Unsanitized iMessage Attachment Paths in SCP

Type: First Time appeared
Values Removed: (none)
Values Added: Openclaw; Openclaw openclaw

Type: Weaknesses
Values Removed: (none)
Values Added: CWE-78

Type: CPEs
Values Removed: (none)
Values Added: cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*

Type: Vendors & Products
Values Removed: (none)
Values Added: Openclaw; Openclaw openclaw

Type: References
Values Removed: (none)
Values Added: (none)

Type: Metrics
Values Removed: (none)
Values Added: cvssV3_1 {'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}; cvssV4_0 {'score': 9.2, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-03-31T13:31:42.071Z

Reserved: 2026-03-16T21:19:31.965Z

Link: CVE-2026-32917

Vulnrichment

Updated: 2026-03-31T13:31:38.103Z

NVD

Status : Received

Published: 2026-03-31T12:16:28.487

Modified: 2026-03-31T12:16:28.487

Link: CVE-2026-32917

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-31T20:39:10Z

Weaknesses