CVE-2026-32971: OpenClaw Approval-Integrity Flaw Lets Attackers Swap Payloads at Execution Time
A new critical vulnerability in OpenClaw — tracked as CVE-2026-32971 — allows attackers to obtain human approval for a benign-looking command while executing an entirely different, malicious payload. If you’re running OpenClaw before version 2026.3.11, patch now.

The Vulnerability

CVE-2026-32971 is a flaw in how OpenClaw’s node-host system.run approval mechanism displays shell commands to users. When the approval dialog is triggered, OpenClaw extracts and displays only a subset of the shell payload — the portion it considers “representative” — rather than the full argv that will actually be executed. ...
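
One way to close this kind of gap between what is displayed and what is executed is to bind the approval to a digest of the full argv and re-check it right before execution. The sketch below is an added example, not OpenClaw's code or its patch; the function names, the record shape and the sample argv are hypothetical.

```javascript
const crypto = require("node:crypto");

// Hypothetical helper: digest over a canonical encoding of the full argv.
// JSON keeps argument boundaries, so ["a b"] and ["a", "b"] hash differently.
function argvDigest(argv) {
  if (!Array.isArray(argv) || !argv.every((a) => typeof a === "string")) {
    throw new TypeError("argv must be an array of strings");
  }
  return crypto.createHash("sha256").update(JSON.stringify(argv)).digest();
}

// Build the approval request. The dialog text is the complete argv with each
// argument quoted, and the record stores the digest of exactly that argv.
function createApproval(argv) {
  return {
    display: argv.map((a) => JSON.stringify(a)).join(" "),
    digest: argvDigest(argv).toString("hex"),
    approved: false,
  };
}

// Stand-in for the human accepting the dialog (assumption for this example).
function approve(record) {
  return { ...record, approved: true };
}

// Run immediately before spawning the process: anything that is not
// byte-identical to the approved argv is refused.
function verifyBeforeExec(record, argv) {
  if (!record.approved) return false;
  const expected = Buffer.from(record.digest, "hex");
  const actual = argvDigest(argv);
  return expected.length === actual.length && crypto.timingSafeEqual(expected, actual);
}

// Constructed sample argv, not taken from the advisory.
const approvedArgv = ["sh", "-c", "echo build-ok"];
const record = approve(createApproval(approvedArgv));
console.log(record.display);
console.log(verifyBeforeExec(record, approvedArgv));
console.log(verifyBeforeExec(record, ["sh", "-c", "echo build-ok", "extra"]));
```

The check only helps if the argv passed to `verifyBeforeExec` is the same array handed to the process spawner, with no re-parsing or re-serialization in between.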