Platform: nodejs
Component: openclaw
Fixed in: 2026.2.22
CVE-2026-32056 describes a remote code execution (RCE) vulnerability in the openclaw Node.js package. This flaw arises from insufficient sanitization of environment variables, specifically HOME and ZDOTDIR, which can be exploited to execute attacker-controlled startup files before the allowlisted command body is evaluated. The vulnerability affects versions of openclaw up to and including 2026.2.21-2, with a patched version 2026.2.22 available.
An attacker exploiting CVE-2026-32056 can achieve remote code execution on systems utilizing vulnerable versions of the openclaw package. This is achieved by crafting malicious environment variables that trigger the execution of attacker-controlled startup files. The potential impact is severe, ranging from unauthorized access to sensitive data and system resources to complete system compromise. This vulnerability shares similarities with other environment variable injection attacks, where attackers manipulate environment variables to execute arbitrary code. The blast radius extends to any application or service relying on the vulnerable openclaw package, potentially impacting a wide range of deployments.
CVE-2026-32056 was published on 2026-03-03. The vulnerability's severity is rated as HIGH (CVSS 7.5). Currently, there are no publicly known exploits or active campaigns targeting this vulnerability. It is not listed on the CISA KEV catalog as of this writing. The availability of a patched version suggests that the vulnerability was discovered through internal testing or security research.
Applications and services built using Node.js and relying on the openclaw package are at risk. Specifically, projects that dynamically execute commands based on user input or external data without proper sanitization are particularly vulnerable. Developers who have not recently reviewed their dependencies or implemented robust input validation practices are also at increased risk.
• nodejs / supply-chain: `npm list openclaw`
• nodejs / supply-chain: `npm audit openclaw`
• nodejs / supply-chain: Check for unusual process executions with the environment variables HOME or ZDOTDIR set to attacker-controlled values, using `ps aux | grep openclaw`
EPSS: 0.14% (34th percentile)
The primary mitigation for CVE-2026-32056 is to upgrade the openclaw package to version 2026.2.22 or later. If an immediate upgrade is not feasible due to compatibility issues or breaking changes, consider temporarily restricting the HOME and ZDOTDIR environment variables within the application's execution context. While not a complete solution, this can reduce the attack surface. Monitor system logs for suspicious activity related to process execution and environment variable manipulation. Implement a Web Application Firewall (WAF) to filter potentially malicious requests targeting the openclaw package. After upgrading, confirm the fix by running a test application that utilizes openclaw and verifies that the startup files are not executed with attacker-controlled content.
Update OpenClaw to version 2026.2.22 or later. This fixes the environment variable injection vulnerability that allows remote code execution. The update can be performed through the Python package manager (pip) or by downloading the new version from the official repository.
CVE-2026-32056 is a remote code execution vulnerability in the openclaw Node.js package where unsanitized environment variables can lead to the execution of attacker-controlled startup files.
You are affected if you are using openclaw versions 2026.2.21-2 or earlier. Check your project's dependencies using npm list openclaw.
Upgrade to openclaw version 2026.2.22 or later. If immediate upgrade is not possible, temporarily restrict the HOME and ZDOTDIR environment variables.
As of now, there are no publicly known exploits or active campaigns targeting CVE-2026-32056, but it's crucial to apply the patch promptly.
Refer to the openclaw project's repository or npm package page for the latest advisory and release notes: [https://www.npmjs.com/package/openclaw](https://www.npmjs.com/package/openclaw)