Description
OpenClaw is a personal AI assistant. Prior to 2026.1.20, an unauthenticated local client could use the Gateway WebSocket API to write config via config.apply and set unsafe cliPath values that were later used for command discovery, enabling command injection as the gateway user. This vulnerability is fixed in 2026.1.20.
Published: 2026-02-06
Score: 8.4 High
EPSS: < 1% Very Low
KEV: No
Impact: Local Remote Code Execution
Action: Apply Patch
AI Analysis

Impact

An unauthenticated local client can connect to the Gateway WebSocket API and invoke config.apply to write configuration entries. By supplying an unsafe cliPath value, the application stores the string to be used for command discovery during subsequent operations. This allows a local attacker to inject operating‑system commands that are executed on the gateway user’s behalf, leading to arbitrary code execution on the host. The weakness is a combination of missing authentication and OS command injection.

Affected Systems

The vulnerability affects the OpenClaw personal AI assistant, versions earlier than 2026.1.20. The recommendation applies to all deployments of OpenClaw prior to that release.

Risk and Exploitability

The CVSS score of 8.4 reflects significant impact. While the exploit probability (EPSS) is very low (<1%) and the vulnerability is not listed in the CISA KEV catalog, the local attack requirement means that an attacker must already have local or network access to the device. Nevertheless, the absence of authentication on the WebSocket endpoint makes exploitation straightforward for any process running on or able to reach the gateway. Timely patching is therefore essential.

Generated by OpenCVE AI on April 17, 2026 at 22:25 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update to OpenClaw version 2026.1.20 or later, which removes the vulnerability.
  • If an upgrade is not immediately possible, block or disable access to the Gateway WebSocket API on the host or restrict it to trusted clients using firewall rules or network segmentation.
  • Verify that any cliPath configuration values are either removed or set to safe, predetermined paths, and if possible, apply input validation to reject paths that could lead to command execution.

Generated by OpenCVE AI on April 17, 2026 at 22:25 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Github GHSA Github GHSA GHSA-g55j-c2v4-pjcg OpenClaw vulnerable to Unauthenticated Local RCE via WebSocket config.apply
History

Fri, 13 Feb 2026 14:45:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*

Mon, 09 Feb 2026 16:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Mon, 09 Feb 2026 11:00:00 +0000

Type Values Removed Values Added
First Time appeared Openclaw
Openclaw openclaw
Vendors & Products Openclaw
Openclaw openclaw

Fri, 06 Feb 2026 21:15:00 +0000

Type Values Removed Values Added
Description OpenClaw is a personal AI assistant. Prior to 2026.1.20, an unauthenticated local client could use the Gateway WebSocket API to write config via config.apply and set unsafe cliPath values that were later used for command discovery, enabling command injection as the gateway user. This vulnerability is fixed in 2026.1.20.
Title OpenClaw Affected by Unauthenticated Local RCE via WebSocket config.apply
Weaknesses CWE-306
CWE-78
References
Metrics cvssV3_1

{'score': 8.4, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

Subscriptions

Openclaw Openclaw
cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-02-09T15:27:48.829Z

Reserved: 2026-02-03T01:02:46.716Z

Link: CVE-2026-25593

cve-icon Vulnrichment

Updated: 2026-02-09T15:20:46.234Z

cve-icon NVD

Status : Analyzed

Published: 2026-02-06T21:16:17.790

Modified: 2026-02-13T14:44:08.340

Link: CVE-2026-25593

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-17T22:30:29Z

Weaknesses