Description
OpenClaw is a personal AI assistant. In versions 2026.2.13 and below of the OpenClaw CLI, the process cleanup uses system-wide process enumeration and pattern matching to terminate processes without verifying if they are owned by the current OpenClaw process. On shared hosts, unrelated processes can be terminated if they match the pattern. The CLI runner cleanup helpers can kill processes matched by command-line patterns without validating process ownership. This issue has been fixed in version 2026.2.14.
Published: 2026-02-21
Score: 4.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service (process termination)
Action: Apply Patch
AI Analysis

Impact

The vulnerability lies in OpenClaw's process cleanup mechanism, which enumerates all processes on the host and terminates those whose command line matches a pattern. The cleanup routine does not verify that a matched process belongs to the current OpenClaw instance. As a result, a local or privileged user can trigger the CLI to send SIGKILL signals to any process that matches the pattern, regardless of ownership. This flaw can lead to unintended termination of unrelated processes, causing disruption of services or user tasks, and is classified as CWE-283, an authorization error. The primary impact is local denial of service through arbitrary process termination.

Affected Systems

The affected product is the OpenClaw personal AI assistant CLI, produced by the vendor OpenClaw. Versions 2026.2.13 and earlier are vulnerable. The issue does not affect the OpenClaw server component or any other platform, as it is confined to the CLI's cleanup helper. The vulnerability applies to deployments running on shared hosts where the OpenClaw CLI has the necessary permissions to enumerate and kill system processes.

Risk and Exploitability

The CVSS base score of 4.3 indicates moderate severity. The EPSS score is below 1%, implying a very low probability of exploitation at present. OpenClaw is not listed in the CISA KEV catalog, and no public exploit code is available yet. The flaw is exploitable by a local attacker who can execute the CLI or has access to its cleanup functionality. Because the flaw is triggered locally and requires only the ability to invoke the cleanup routine, the attack vector is inferred to be local or shared-host exploitation. The impact is limited to the host environment and does not provide remote code execution or network compromise.

Generated by OpenCVE AI on April 17, 2026 at 16:47 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the OpenClaw CLI to version 2026.2.14 or newer, which includes the process ownership validation fix.
  • Restrict the execution of the cleanup helper to trusted users or roles, preventing untrusted local accounts from invoking it.
  • If upgrading immediately is not possible, avoid using the cleanup helpers on shared systems until the patch is applied.

Advisories
Source: GitHub GHSA
ID: GHSA-jfv4-h8mc-jcp8
Title: OpenClaw: Process Safety - Unvalidated PID Kill via SIGKILL in Process Cleanup
History

Tue, 24 Feb 2026 19:15:00 +0000

Type: Metrics (ssvc)
Values Added: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 24 Feb 2026 17:00:00 +0000

Type: CPEs
Values Added: cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*

Type: Metrics (cvssV3_1)
Values Added: {'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L'}


Mon, 23 Feb 2026 15:00:00 +0000

Type: First Time appeared
Values Added: Openclaw; Openclaw openclaw

Type: Vendors & Products
Values Added: Openclaw; Openclaw openclaw

Sat, 21 Feb 2026 09:45:00 +0000

Type: Description
Values Added: OpenClaw is a personal AI assistant. In versions 2026.2.13 and below of the OpenClaw CLI, the process cleanup uses system-wide process enumeration and pattern matching to terminate processes without verifying if they are owned by the current OpenClaw process. On shared hosts, unrelated processes can be terminated if they match the pattern. The CLI runner cleanup helpers can kill processes matched by command-line patterns without validating process ownership. This issue has been fixed in version 2026.2.14.

Type: Title
Values Added: OpenClaw: Process Safety - Unvalidated PID Kill via SIGKILL in Process Cleanup

Type: Weaknesses
Values Added: CWE-283

Type: References

Type: Metrics (cvssV4_0)
Values Added: {'score': 4.3, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:H'}


MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-02-24T18:20:44.858Z

Reserved: 2026-02-19T19:46:03.541Z

Link: CVE-2026-27486

Vulnrichment

Updated: 2026-02-24T18:19:16.911Z

NVD

Status : Analyzed

Published: 2026-02-21T10:16:12.903

Modified: 2026-02-24T16:53:20.537

Link: CVE-2026-27486

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-17T17:00:10Z

Weaknesses