https://feed.craftedsignal.io/tags/imessage/Trending threats, MITRE ATT&CK coverage, and detection metadata — refreshed continuously.Hugoenhello@craftedsignal.iohello@craftedsignal.ioTue, 31 Mar 2026 12:16:28 +0000https://feed.craftedsignal.io/briefs/2026-03-openclaw-rce/Tue, 31 Mar 2026 12:16:28 +0000hello@craftedsignal.iohttps://feed.craftedsignal.io/briefs/2026-03-openclaw-rce/OpenClaw before 2026.3.13 is vulnerable to remote command injection via unsanitized iMessage attachment paths passed to the SCP remote operand, allowing attackers to execute arbitrary commands on configured remote hosts when remote attachment staging is enabled.<p>OpenClaw, a software application whose specific function is not detailed in the provided context, is vulnerable to a remote command injection flaw. Specifically, versions prior to 2026.3.13 are susceptible. This vulnerability, identified as CVE-2026-32917, resides within the iMessage attachment staging process. Attackers can exploit this flaw by injecting shell metacharacters into unsanitized remote attachment paths. This occurs because these paths are directly passed to the SCP command…</p> criticaladvisorycommand-injectionimessageopenclaw