OpenClaw Code Execution via Script Modification (CVE-2026-32979)
OpenClaw before 2026.3.11 is vulnerable to an approval integrity issue (CVE-2026-32979) allowing attackers to execute arbitrary code by modifying approved local scripts before they are executed.
OpenClaw, a software application, is susceptible to an approval integrity vulnerability identified as CVE-2026-32979. This flaw exists in versions prior to 2026.3.11. An attacker can exploit this vulnerability to execute malicious code within the context of the OpenClaw runtime user. The attack involves modifying approved local scripts between the time they are approved and the time they are executed. This is possible because exact file binding does not occur, which allows for the alteration of…
Detection coverage 2
OpenClaw Script Modification Detection
mediumDetects the creation of new files in the OpenClaw scripts directory, indicating potential script modification.
OpenClaw Runtime User Process Spawning
highDetects processes spawned by the OpenClaw runtime user that are not typical OpenClaw processes.
Detection queries are kept inside the platform. Get full rules →