JustAppSec

OpenClaw patches critical SCP command injection in iMessage staging

1 min read · Published 31 Mar 2026 · Updated 31 Mar 2026 · Source: CVEProject (cvelistV5)

TL;DR — A critical SCP remote-operand command injection in openclaw can let attackers execute arbitrary commands on configured remote hosts when iMessage attachment staging is enabled.

What happened

OpenClaw is distributed as the openclaw npm package. CVE-2026-32917 describes a remote command injection vulnerability in its iMessage attachment staging flow.

Per the CVE record, remote attachment paths are passed to the SCP remote operand without validation, so a path containing shell metacharacters can trigger command execution on the configured remote host whenever remote attachment staging is enabled.

The CVE record rates this as Critical (CVSS v3.1 base score 9.8, CVSS v4.0 base score 9.2). This is a high-blast-radius vulnerability class because it crosses the trust boundary from inbound content into OS command execution against a configured remote host.

Who is impacted

  • Projects using the openclaw package versions < 2026.3.13.
  • Deployments where the iMessage attachment staging flow is configured to stage attachments to remote hosts (i.e., remote attachment staging is enabled).
Component   Affected versions (per CVE record)   Patched version (per CVE record)
openclaw    < 2026.3.13                          2026.3.13

What to do now

  • Follow vendor remediation guidance and apply the patched release (2026.3.13).
  • Inventory production and CI usage of openclaw (lockfiles, container images, deployed artifacts) and identify any instances running < 2026.3.13.
  • For environments that enable remote attachment staging, review configurations and logs for suspicious attachment-path values (especially shell metacharacters) and validate the integrity of any configured remote host(s).
  • If you suspect exploitation, rotate credentials accessible to the OpenClaw service and the configured remote host(s), then investigate for unexpected commands executed via scp.
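The inventory and log-review steps above can be scripted. The following is an added example, not tooling from openclaw or the CVE record: it walks a package-lock.json object (npm lockfile v2/v3 shape) for openclaw entries below 2026.3.13, and flags staged attachment paths in log lines that carry shell metacharacters, traversal segments or option-like leading dashes. The log line format and the lockfile fragment are constructed for the example.

```javascript
// Added example (not openclaw's code) for the inventory and log-review steps.
// The lockfile shape is npm's package-lock v2/v3; the log format is hypothetical.
const PATCHED = "2026.3.13"; // patched version per the CVE record

// Compare dotted numeric versions (e.g. 2026.3.12 vs 2026.3.13) field by field.
function compareVersions(a, b) {
  const pa = a.split(".").map(Number);
  const pb = b.split(".").map(Number);
  const n = Math.max(pa.length, pb.length);
  for (let i = 0; i < n; i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d < 0 ? -1 : 1;
  }
  return 0;
}

function isVulnerableVersion(v) {
  return compareVersions(v, PATCHED) < 0;
}

// Walk a parsed package-lock.json and report every openclaw entry below the fix,
// including nested copies under other packages' node_modules.
function findVulnerableLockEntries(lock) {
  const out = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    const isOpenclaw = path === "node_modules/openclaw" || path.endsWith("/node_modules/openclaw");
    if (isOpenclaw && meta && meta.version && isVulnerableVersion(meta.version)) {
      out.push({ path, version: meta.version });
    }
  }
  return out;
}

// Constructed lockfile fragment (not taken from any real project).
const SAMPLE_LOCK = {
  name: "example-app",
  lockfileVersion: 3,
  packages: {
    "": { name: "example-app", version: "1.0.0" },
    "node_modules/openclaw": { version: "2026.3.12" },
    "node_modules/other/node_modules/openclaw": { version: "2026.3.13" },
  },
};

// Log review: flag staged attachment paths that should never appear in a clean deployment.
const SHELL_METACHAR_RE = /[;&|`$(){}<>\\!'"*?\[\]~#\s]/;

function reviewStagingLogs(lines) {
  const findings = [];
  lines.forEach((line, idx) => {
    const m = /host=(\S+)\s+path="(.*)"$/.exec(line); // hypothetical log format
    if (!m) return;
    const [, host, path] = m;
    const reasons = [];
    if (SHELL_METACHAR_RE.test(path)) reasons.push("shell metacharacter");
    if (path.split("/").includes("..")) reasons.push("path traversal");
    if (path.startsWith("-")) reasons.push("leading dash (option-like)");
    if (reasons.length) findings.push({ line: idx + 1, host, path, reasons });
  });
  return findings;
}

// Constructed log lines in the hypothetical format; only the first one is benign.
const SAMPLE_LOGS = [
  '2026-03-30T12:00:01Z staging host=imac.local path="Attachments/IMG_0001.jpg"',
  '2026-03-30T12:00:07Z staging host=imac.local path="photo.jpg;id"',
  '2026-03-30T12:00:09Z staging host=imac.local path="$(id).png"',
  '2026-03-30T12:00:12Z staging host=imac.local path="../../.ssh/authorized_keys"',
];
```

Run `findVulnerableLockEntries(JSON.parse(fs.readFileSync("package-lock.json")))` against each lockfile in the inventory, and feed `reviewStagingLogs` the staging log of every deployment that has remote attachment staging enabled; any finding on a host that was exposed while running a version below 2026.3.13 is the trigger for the credential rotation and host integrity review described above.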

Content is AI-assisted and reviewed by our team, but issues may be missed and best practices evolve rapidly; send corrections to [email protected]. Always consult official documentation and validate key implementation decisions before making design or security choices.
