CVE-2026-32917.yaml
info:
  name: OpenClaw
  cve: CVE-2026-32917
  summary: OpenClaw < 2026.3.13 - Remote Command Injection via Unsanitized iMessage Attachment Paths in SCP
  details: >-
    OpenClaw before 2026.3.13 contains a remote command injection vulnerability in the iMessage
    attachment staging flow. When remote attachment staging is enabled, unsanitized remote
    attachment paths containing shell metacharacters (e.g., backticks, semicolons, pipes) are
    passed directly to the SCP remote operand without validation, enabling arbitrary command
    execution on configured remote hosts. A remote attacker can exploit this by sending a crafted
    iMessage attachment with a malicious filename to the victim's OpenClaw instance.
    CVSS 4.0 vector: AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N (AT:P indicates
    the remote attachment staging feature must be enabled). No public PoC or nuclei template
    found at time of analysis. Patch commit is publicly available.
  cvss: "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
  severity: CRITICAL
  security_advise: >-
    Upgrade OpenClaw to version 2026.3.13 or later. If immediate upgrade is not possible,
    disable remote attachment staging as a temporary mitigation. Review and sanitize all
    external input passed to shell commands, especially filenames from messaging channels.
  references:
    - https://nvd.nist.gov/vuln/detail/CVE-2026-32917
    - https://github.com/openclaw/openclaw/security/advisories/GHSA-g2f6-pwvx-r275
    - https://github.com/openclaw/openclaw/commit/a54bf71b4c0cbe554a84340b773df37ee8e959de
    - https://www.vulncheck.com/advisories/openclaw-remote-command-injection-via-unsanitized-imessage-attachment-paths-in-scp
rule: 'version < "2026.3.13"'
references:
  - https://nvd.nist.gov/vuln/detail/CVE-2026-32917
  - https://github.com/openclaw/openclaw/security/advisories/GHSA-g2f6-pwvx-r275