GHSA-W6F4-3V35-QJHJ Duplicate Advisory: OpenClaw's system.run shell-wrapper positional argv carriers could execute hidden commands under misleading approval text

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-6rcp-vxwf-3mfp. This link is maintained to preserve external references. Original Description OpenClaw versions prior to 2026.2.24 contain a command injection vulnerability in the system.run shell-wrapper that...

CVE-2026-32052 OpenClaw < 2026.2.24 - Hidden Command Execution via Shell-Wrapper Positional argv Carriers

OpenClaw versions prior to 2026.2.24 contain a command injection vulnerability in the system.run shell-wrapper that allows attackers to execute hidden commands by injecting positional argv carriers after inline shell payloads. Attackers can craft misleading approval text while executing arbitrary...

PT-2026-26734

OpenClaw versions prior to 2026.2.24 contain a command injection vulnerability in the system.run shell-wrapper that allows attackers to execute hidden commands by injecting positional argv carriers after inline shell payloads. Attackers can craft misleading approval text while executing arbitrary...

OpenClaw's system.run shell-wrapper positional argv carriers could execute hidden commands under misleading approval text

Summary In openclaw up to and including 2026.2.23 latest npm release as of February 25, 2026, system.run shell-wrapper inputs could present misleading approval/display text while still carrying hidden positional argv payloads that execute at runtime. Affected Packages / Versions - Package: opencl...

GHSA-6RCP-VXWF-3MFP OpenClaw's system.run shell-wrapper positional argv carriers could execute hidden commands under misleading approval text

Summary In openclaw up to and including 2026.2.23 latest npm release as of February 25, 2026, system.run shell-wrapper inputs could present misleading approval/display text while still carrying hidden positional argv payloads that execute at runtime. Affected Packages / Versions - Package: opencl...

PT-2026-26002

Summary A Windows system.run approval-integrity mismatch in the cmd.exe /c path could allow trailing arguments to execute while approval/audit text reflected only a benign command string. This requires an authenticated operator context using the approvals flow and a trusted Windows node. Affected...