Home / Vulnerability Intelligence / CVE-2026-32059

CVE-2026-32059 - Vulnerability Analysis

HighCVSS: 8.8

Last Updated: March 11, 2026

OpenClaw - Command Injection

Published: March 11, 2026Updated: March 11, 2026Remote Exploitable

Overview

OpenClaw < 2026.2.23 contains a command injection caused by improper validation of GNU long-option abbreviations in tools.exec.safeBins for the sort command, letting remote attackers bypass denied-flag checks and execute arbitrary sort commands, exploit requires remote access.

Severity & Score

Severity: High

CVSS Score: 8.8

EPSS Score: 5.7%(Probability of exploitation in next 30 days)

Impact

Remote attackers can execute arbitrary sort commands bypassing approval, potentially leading to unauthorized command execution.

Mitigation

Update to version 2026.2.23 or later.

References

Social Media Activity(1 post)

TheHackerWire

@thehackerwire

Mar 11, 2026

🟠 CVE-2026-32059 - High (8.8) OpenClaw version 2026.2.22-2 prior to 2026.2.23 tools.exec.safeBins validation for sort command fails to properly validate GNU long-option abbreviations, allowing attackers to bypass denied-flag checks via abbreviated options. Remote attackers can... 🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32059/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post

Related Resources

Details

CVE ID: CVE-2026-32059
Severity: High
CVSS Score: 8.8
Type: command_injection
Status: new
EPSS: 5.7%
Social Posts: 1

CWE

CWE-863

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Score

5.7%Probability of exploitation in the next 30 days