{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/tags/cve-2026-32971/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[{"cvss":7.1,"id":"CVE-2026-32971"}],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["high"],"_cs_tags":["cve-2026-32971","code-execution","approval-bypass"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eOpenClaw, a software platform (details unspecified in the source), is vulnerable to an approval-integrity issue (CVE-2026-32971) affecting versions prior to 2026.3.11. This vulnerability resides within the \u003ccode\u003enode-host system.run\u003c/code\u003e approval process. The system displays extracted shell payloads instead of the actual arguments (\u003ccode\u003eargv\u003c/code\u003e) that will be executed. An attacker can exploit this by crafting malicious commands using wrapper binaries. By inducing operators to approve what appears to be benign…\u003c/p\u003e\n","date_modified":"2026-03-31T12:17:43Z","date_published":"2026-03-31T12:17:43Z","id":"/briefs/2026-04-openclaw-code-execution/","summary":"OpenClaw before 2026.3.11 exhibits an approval-integrity vulnerability where attackers can place wrapper binaries to execute local code after operators approve misleading command text, due to the system displaying extracted shell payloads instead of the actual executed arguments.","title":"OpenClaw Approval Integrity Vulnerability Leads to Code Execution (CVE-2026-32971)","url":"https://feed.craftedsignal.io/briefs/2026-04-openclaw-code-execution/"}],"language":"en","title":"CraftedSignal Threat Feed — Cve-2026-32971","version":"https://jsonfeed.org/version/1.1"}