EUVD-2026-9934
OpenClaw versions prior to 2026.2.14 contain a command hijacking vulnerability that allows attackers to execute unintended binaries by manipulating PATH environment variables through node-host execution or project-local bootstrapping. Attackers with authenticated access to node-host execution...
CVE-2026-29610
OpenClaw CVE-2026-29610 affects versions prior to 2026.2.14. It describes a command hijacking flaw where PATH manipulation during node-host execution or project-local bootstrapping allows placing malicious executables to override allowlisted safe-bin commands, leading to arbitrary command executi...
GHSA-2858-XG23-26FP OpenClaw: Node camera URL payload host-binding bypass allowed gateway fetch pivots
Summary: OpenClaw accepted camera.snap / camera.clip node payload url fields and downloaded them on the gateway/agent host without binding downloads to the resolved node host. In OpenClaw's documented trust model, paired nodes are in the same operator trust boundary, so this is scoped as...
GHSA-7F4Q-9RQH-X36P OpenClaw: macOS optional allowlist basename matching could bypass path-based policy
Summary: On macOS node-host, optional exec-approval allowlist mode previously treated basename-only entries (for example echo) as trusted command matches. This could allow a same-name local binary (for example ./echo) to run without approval under security=allowlist + ask=on-miss.
Scope / Precondition...
PT-2026-26010
Summary: In OpenClaw's macOS node-host path, system.run allowlist parsing in security=allowlist mode failed to reject command substitution tokens when they appeared inside double-quoted shell text. Because of that gap, payloads like echo "ok $id" could be treated as allowlist hits first executable...
PT-2026-26397
Summary: On macOS node-host, optional exec-approval allowlist mode previously treated basename-only entries (for example echo) as trusted command matches. This could allow a same-name local binary (for example ./echo) to run without approval under security=allowlist + ask=on-miss.
Scope / Precondition...
GHSA-HJVP-QHM6-WRH2 OpenClaw Node system.run approval context-binding weakness in approval-enabled host=node flows
Summary: In approval-enabled host=node workflows, system.run approvals did not always carry a strict, versioned execution-context binding. In uncommon setups that rely on these approvals as an integrity guardrail, a previously approved request could be reused with changed env input.
Affected...
OpenClaw Access Control Error Vulnerability (CNVD-2026-13408)
OpenClaw is an open-source AI assistant. OpenClaw suffers from an access control error vulnerability. The vulnerability stems from a mismatch between rawCommand and command in the node host system.run handler, which an attacker can exploit to cause the...
CVE-2026-26325
OpenClaw is a personal AI assistant. Prior to version 2026.2.14, a mismatch between rawCommand and command in the node host system.run handler could cause allowlist/approval evaluation to be performed on one command while executing a different argv. This only impacts deployments that use the node...
CVE-2026-26325
OpenClaw npm package is affected in versions
CVE-2026-26325 OpenClaw Node host system.run rawCommand/command mismatch can bypass allowlist/approvals
OpenClaw is a personal AI assistant. Prior to version 2026.2.14, a mismatch between rawCommand and command in the node host system.run handler could cause allowlist/approval evaluation to be performed on one command while executing a different argv. This only impacts deployments that use the node...
GHSA-JQPQ-MGVM-F9R6 OpenClaw: Command hijacking via unsafe PATH handling (bootstrapping + node-host PATH overrides)
Command hijacking via PATH handling
Discovered: 2026-02-04
Reporter: @akhmittra
Summary: OpenClaw previously accepted untrusted PATH sources in limited situations. In affected versions, this could cause OpenClaw to resolve and execute an unintended binary ("command hijacking") when running host...
PT-2026-23563
Name of the Vulnerable Software and Affected Versions: OpenClaw versions prior to 2026.2.14
Description: OpenClaw is susceptible to a command hijacking issue. Attackers can execute unintended binaries by manipulating the PATH environment variable through node-host execution or project-local...
GHSA-H3F9-MJWJ-W476 OpenClaw Node host system.run rawCommand/command mismatch can bypass allowlist/approvals
Summary: A mismatch between rawCommand and command in the node host system.run handler could cause allowlist/approval evaluation to be performed on one command while executing a different argv.
Affected Configurations: This only impacts deployments that:
- Use the node host / companion node executi...