OpenClaw Remote Command Injection Vulnerability via Unsanitized iMessage Attachment Paths in SCP

Vulnerability

A remote command injection vulnerability affects OpenClaw versions prior to 2026.3.13. The flaw is in the iMessage attachment staging process: when remote attachment staging is enabled, the attachment's remote path is concatenated into the SCP remote operand (the `host:path` argument) without validation. scp's legacy protocol hands that operand to the login shell of the remote host, so any shell metacharacters in the path are expanded there. An attacker who can deliver an iMessage attachment with a crafted filename can therefore execute arbitrary commands on the configured remote staging host.

Impact

Successful exploitation gives arbitrary command execution on the remote host named in the SCP operand, with the privileges of the SSH account OpenClaw uses for staging. The only precondition is that the target OpenClaw instance has remote attachment staging enabled and accepts the attacker's iMessage attachment.

Reproduction

The vulnerability can be reproduced by sending an iMessage attachment whose filename contains shell metacharacters such as `$` or `;`. When OpenClaw stages the attachment over SCP, the unsanitized path reaches the remote shell unchanged, and the command embedded in the filename is executed on the remote host.

Remediation

Update to OpenClaw version 2026.3.13 or later, which sanitizes the SCP remote path by removing shell metacharacters before attachments are staged. Until the update can be applied, disabling remote attachment staging removes the exposure, since the vulnerable code path is only reached when that option is enabled.
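The following is an added example, not OpenClaw's own code: it shows the vulnerable pattern (the attachment filename spliced verbatim into the SCP remote operand) next to a hardened version that rejects anything outside an allowlist, plus a strip-style sanitizer matching the fix the advisory describes. Function names, the staging host `stage.example.net`, the directory `/srv/openclaw/incoming` and the sample filenames are all assumptions constructed for illustration.

```javascript
// Added example (not OpenClaw code). Names, host, directory and sample
// filenames are invented; the advisory does not show the real staging code.

// Vulnerable pattern: the remote path is interpolated verbatim. Launching
// scp with an argv array avoids a *local* shell, but scp's legacy protocol
// still hands "host:path" to the login shell on the remote host, which
// expands $(...), ;, |, backticks and friends there.
function buildRemoteOperandUnsafe(host, remotePath) {
  return `${host}:${remotePath}`;
}

// Allowlist for a single path component: letters, digits, dot, underscore,
// hyphen. Everything a POSIX shell treats specially falls outside it.
const SAFE_BASENAME = /^[A-Za-z0-9._-]+$/;

// Hardened version: keep only the basename (the sender must not choose the
// directory), then reject rather than strip. Stripping can glue two harmless
// fragments into a harmful one, and a rejected attachment is a visible
// failure an operator can investigate.
function buildRemoteOperandSafe(host, stagingDir, filename) {
  const base = filename.split("/").pop();
  if (base === "" || base === "." || base === ".." || !SAFE_BASENAME.test(base)) {
    throw new Error(`refusing to stage attachment with unsafe filename: ${JSON.stringify(filename)}`);
  }
  const dir = stagingDir.endsWith("/") ? stagingDir : stagingDir + "/";
  return `${host}:${dir}${base}`;
}

// Strip-style sanitizer, the approach the advisory says 2026.3.13 takes:
// drop every character that is not in the allowlist (slashes kept here
// because the fixed code sanitizes a full path, not just a basename).
function sanitizeRemotePath(remotePath) {
  return remotePath.replace(/[^A-Za-z0-9._\/-]/g, "");
}

// Constructed sample filenames (not from a real capture). The second and
// third carry the kind of metacharacters the advisory's reproduction uses.
const SAMPLE_FILENAMES = [
  "photo.jpg",
  "photo;id.jpg",
  "photo$(uname).jpg",
  "../../etc/passwd",
];

// Run every sample through the hardened builder and report the outcome.
function classifyAll() {
  return SAMPLE_FILENAMES.map((filename) => {
    try {
      const operand = buildRemoteOperandSafe("stage.example.net", "/srv/openclaw/incoming", filename);
      return { filename, ok: true, operand };
    } catch (err) {
      return { filename, ok: false, reason: err.message };
    }
  });
}

for (const result of classifyAll()) {
  console.log(result.ok ? `ACCEPT ${result.operand}` : `REJECT ${result.reason}`);
}
```

The allowlist check works regardless of whether the local scp speaks the legacy protocol or the SFTP protocol (the default since OpenSSH 9.0), because it never lets a metacharacter reach the operand at all; shell-quoting the remote path, by contrast, only helps under the legacy protocol and becomes literal quote characters under SFTP.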

Added: Mar 31, 2026, 12:28 PM
Updated: Mar 31, 2026, 12:28 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 3.1
exploitability: 7.7
remediation: 0.0
relevance: 5.0
threat: 4.8
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.