Lucene search

17 matches found

ATTACKERKB
added 2026/04/28 6:09 p.m., 2 views

CVE-2026-41390

OpenClaw before 2026.3.28 contains an exec allowlist bypass vulnerability where allow-always persistence fails to unwrap /usr/bin/script and similar wrappers before storing trust decisions. Attackers can obtain user approval for one wrapped command to persist trust for wrapper binaries that execu...

CVSS 7.3, AI score 5.3, EPSS 0.00117
Exploits: 0, References: 3
CVE
added 2026/04/28 6:09 p.m., 10 views

CVE-2026-41390

CVE-2026-41390 affects OpenClaw prior to 2026.3.28. The vulnerability is an exec allowlist bypass where allow-always persistence does not unwrap wrappers (e.g., /usr/bin/script) before storing trust decisions, enabling a user-approved wrapped command to persist trust for a wrapper that later exec...

CVSS 7.3, AI score 5.3, EPSS 0.00117
Exploits: 0, References: 2, Affected Software: 1
CNNVD
added 2026/04/28 12:00 a.m., 7 views

OpenClaw security vulnerability

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.3.28 contained security vulnerabilities. These vulnerabilities stemmed from a permission bypass execution vulnerability, which allowed persistent execution of “always-always”...

CVSS 7.3, AI score 6, EPSS 0.00117
Exploits: 0, References: 1
Positive Technologies
added 2026/04/28 12:00 a.m., 2 views

PT-2026-35774

Name of the Vulnerable Software and Affected Versions: OpenClaw versions prior to 2026.3.28. Description: An exec allowlist bypass exists where allow-always persistence fails to unwrap /usr/bin/script and similar wrappers before storing trust decisions. This allows attackers to obtain user approval...

CVSS 7.3, AI score 5.9, EPSS 0.00117
Exploits: 0, References: 5
Snyk
added 2026/03/31 11:59 p.m., 1 view

Covert Timing Channel

Overview: openclaw is a 🦞 OpenClaw — Personal AI Assistant. Affected versions of this package are vulnerable to Covert Timing Channel via the dispatch-wrapper-resolution.ts and exec-wrapper-resolution.ts processes. An attacker can gain unauthorized code execution by bypassing the intended allowlist...

CVSS 7.3, AI score 6.3, EPSS 0.00117
Exploits: 0, References: 2
Snyk
added 2026/03/31 1:40 p.m., 4 views

Interpretation Conflict

Overview: openclaw is a 🦞 OpenClaw — Personal AI Assistant. Affected versions of this package are vulnerable to Interpretation Conflict in the system.run approval process. An attacker can execute unintended local code by crafting wrapper binaries and inducing operators to approve misleading command...

CVSS 8, AI score 6, EPSS 0.00272
Exploits: 0, References: 2
EUVD
added 2026/03/31 12:31 p.m., 4 views

EUVD-2026-17379

OpenClaw before 2026.3.11 contains an approval-integrity vulnerability in node-host system.run approvals that displays extracted shell payloads instead of the executed argv. Attackers can place wrapper binaries and induce wrapper-shaped commands to execute local code after operators approve...

CVSS 7.3, AI score 6, EPSS 0.00272
Exploits: 0, References: 3
Github Security Blog
added 2026/03/31 12:31 p.m., 8 views

Duplicate Advisory: OpenClaw: Node-host approvals could show misleading shell payloads instead of the executed argv

Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-rw39-5899-8mxp. This link is maintained to preserve external references. Original Description: OpenClaw before 2026.3.11 contains an approval-integrity vulnerability in node-host system.run approvals that display...

CVSS 8, AI score 6, EPSS 0.00272
Exploits: 0, References: 4, Affected Software: 1
NVD
added 2026/03/31 12:16 p.m., 2 views

CVE-2026-32971

OpenClaw before 2026.3.11 contains an approval-integrity vulnerability in node-host system.run approvals that displays extracted shell payloads instead of the executed argv. Attackers can place wrapper binaries and induce wrapper-shaped commands to execute local code after operators approve...

CVSS 8, EPSS 0.00272
Exploits: 0, References: 2
ATTACKERKB
added 2026/03/31 11:17 a.m., 3 views

CVE-2026-32971

OpenClaw before 2026.3.11 contains an approval-integrity vulnerability in node-host system.run approvals that displays extracted shell payloads instead of the executed argv. Attackers can place wrapper binaries and induce wrapper-shaped commands to execute local code after operators approve...

CVSS 7.3, AI score 6, EPSS 0.00272
Exploits: 0, References: 3
Vulnrichment
added 2026/03/31 11:17 a.m., 3 views

CVE-2026-32971 OpenClaw < 2026.3.11 - Node-Host Approval UI Mismatch Allows Execution of Unintended Commands

OpenClaw before 2026.3.11 contains an approval-integrity vulnerability in node-host system.run approvals that displays extracted shell payloads instead of the executed argv. Attackers can place wrapper binaries and induce wrapper-shaped commands to execute local code after operators approve...

CVSS 7.3, AI score 6, EPSS 0.00272
Exploits: 0, References: 2
Positive Technologies
added 2026/03/31 12:00 a.m., 4 views

PT-2026-29231

Name of the Vulnerable Software and Affected Versions: OpenClaw versions prior to 2026.3.11. Description: The software contains an approval-integrity issue within the node-host system.run approvals functionality. This allows the display of extracted shell payloads instead of the executed arguments. ...

CVSS 7.3, AI score 6.3, EPSS 0.00272
Exploits: 0, References: 6
EUVD
added 2026/03/24 12:30 a.m., 7 views

EUVD-2026-14559

OpenClaw before 2026.2.22 contains an allowlist bypass vulnerability in system.run exec analysis that fails to unwrap env and shell-dispatch wrapper chains. Attackers can route execution through wrapper binaries like env bash to smuggle payloads and bypass intended allowlist restrictions...

CVSS 5.8, AI score 6
Exploits: 0, References: 4
CVE
added 2026/03/23 9:36 p.m., 6 views

CVE-2026-28455

OpenClaw is vulnerable before 2026.2.22 due to an allowlist bypass in system.run exec analysis. The flaw allows attackers to route execution through wrapper binaries (e.g., env, bash) and bypass intended allowlist restrictions by failing to unwrap env and shell-dispatch wrapper chains. Affected prod...

AI score 6
Exploits: 0
Vulnrichment
added 2026/03/19 1:00 a.m., 4 views

CVE-2026-27566 OpenClaw < 2026.2.22 - Allowlist Bypass via Wrapper Binary Unwrapping in system.run

OpenClaw versions prior to 2026.2.22 contain an allowlist bypass vulnerability in system.run exec analysis that fails to unwrap env and shell-dispatch wrapper chains. Attackers can route execution through wrapper binaries like env bash to smuggle payloads that satisfy allowlist entries while...

CVSS 7.1, AI score 5.9, EPSS 0.00419
Exploits: 0, References: 3
CVE
added 2026/03/19 1:00 a.m., 13 views

CVE-2026-27566

OpenClaw is affected by an allowlist bypass in system.run on versions prior to 2026.2.22. The issue arises from failure to unwrap env and shell-dispatch wrapper chains, enabling attackers to route execution through wrapper binaries (such as env or bash) to satisfy allowlist entries while executin...

CVSS 8.8, AI score 5.9, EPSS 0.00419
Exploits: 0, References: 3, Affected Software: 1
Snyk
added 2026/03/03 11:13 p.m., 4 views

Incorrect Authorization

Overview: openclaw is a 🦞 OpenClaw — Personal AI Assistant. Affected versions of this package are vulnerable to Incorrect Authorization via the system.run process. An attacker can execute unauthorized commands by bypassing allowlist restrictions through wrapper binaries such as env or shell-dispatc...

CVSS 8.8, AI score 5.9, EPSS 0.00419
Exploits: 0, References: 3