CVE-2026-32023: OpenClaw's dispatch-wrapper depth-cap mismatch can bypass shell-wrapper approval gating in system.run allowlist mode

March 3, 2026 (updated March 19, 2026)

A wrapper-depth parsing mismatch in system.run allowed nested transparent dispatch wrappers (for example repeated /usr/bin/env) to suppress shell-wrapper detection while still matching allowlist resolution. In security=allowlist + ask=on-miss, this could bypass the expected approval prompt for shell execution.

References

github.com/advisories/GHSA-ccg8-46r6-9qgj
github.com/openclaw/openclaw
github.com/openclaw/openclaw/commit/57c9a18180c8b14885bbd95474cbb17ff2d03f0b
github.com/openclaw/openclaw/security/advisories/GHSA-ccg8-46r6-9qgj
nvd.nist.gov/vuln/detail/CVE-2026-32023

Code Behaviors & Features

Detect and mitigate CVE-2026-32023 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →