This vulnerability allows unauthenticated attackers to execute arbitrary commands on remote hosts running vulnerable OpenClaw versions. It occurs because unsanitized attachment paths containing shell metacharacters are passed directly to SCP without validation when remote attachment staging is enabled.
Remediation
Upgrade OpenClaw to version 2026.3.13 or later to remediate this vulnerability. If immediate upgrading is not possible, disable remote attachment staging to reduce the risk of exploitation.
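The validation missing from the vulnerable code path can be illustrated as follows. This is an added example, not OpenClaw's code or its actual fix. The staging root /srv/staging, the allowlists, the function names and the assumption that the attachment path names a file on the remote host are all hypothetical.

```python
import posixpath
import re

# Assumed allowlists: characters that no shell treats specially.
SAFE_COMPONENT = re.compile(r"[A-Za-z0-9._+@-]+")
SAFE_HOST = re.compile(r"[A-Za-z0-9][A-Za-z0-9.-]*")


class UnsafePathError(ValueError):
    """Raised when an attachment path or host fails validation."""


def validate_attachment_path(path, staging_root="/srv/staging"):
    """Return the normalized path under staging_root, or raise UnsafePathError."""
    if not path or "\x00" in path:
        raise UnsafePathError("empty path or NUL byte")
    root = posixpath.normpath(staging_root)
    full = posixpath.normpath(posixpath.join(root, path))
    # Containment: an absolute path or ".." must not escape the staging root.
    if not full.startswith(root + "/"):
        raise UnsafePathError("path escapes staging root")
    for part in full.split("/")[1:]:
        # fullmatch rejects spaces, quotes, ; | & $ ` ( ) < > * ? newlines, etc.
        if part.startswith("-") or not SAFE_COMPONENT.fullmatch(part):
            raise UnsafePathError(f"disallowed characters in {part!r}")
    return full


def build_scp_argv(host, path, local_dest, staging_root="/srv/staging"):
    """Build an argv list for subprocess.run(argv), which never invokes a local shell."""
    if not SAFE_HOST.fullmatch(host):
        raise UnsafePathError("disallowed characters in host")
    remote = validate_attachment_path(path, staging_root)
    # "--" ends option parsing so no operand can be read as an scp flag.
    return ["scp", "--", f"{host}:{remote}", local_dest]


def triage(paths):
    """Map each candidate path to True (accepted) or False (rejected)."""
    result = {}
    for p in paths:
        try:
            validate_attachment_path(p)
            result[p] = True
        except UnsafePathError:
            result[p] = False
    return result


# Constructed sample inputs, not taken from the advisory.
SAMPLES = ["2026/report.pdf", "../../etc/passwd", "scan;x.png", "note$(x).txt", "-oFoo"]
if __name__ == "__main__":
    print(triage(SAMPLES))
```

An allowlist is used rather than quoting because the legacy SCP protocol has the remote side expand the path through a shell, so avoiding a local shell alone does not neutralize metacharacters.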