Description
OpenClaw versions prior to 2026.2.22 contain an authorization bypass vulnerability in allow-always wrapper persistence that allows attackers to bypass approval checks by persisting wrapper-level allowlist entries instead of validating inner executable intent. Remote attackers can approve benign wrapped system.run commands and subsequently execute different payloads without approval, enabling remote code execution on gateway and node-host execution flows.
Published: 2026-03-19
Score: 7.1 High
EPSS: < 1% Very Low
KEV: No
Impact: Remote Code Execution
Action: Immediate Patch
AI Analysis

Impact

OpenClaw contains an authentication bypass in the allow-always wrapper persistence logic that lets remote attackers bypass approval checks by persisting wrapper-level allowlist entries without validating the inner executable intent. This flaw is classified as CWE-78 and can result in remote code execution: attackers can approve benign wrapped system.run commands and later execute arbitrary payloads on gateway and node-host execution flows.

Affected Systems

Affect all OpenClaw installations prior to version 2026.2.22. The product is OpenClaw running on Node.js, as indicated by the CPE entry. Administrators should verify that their deployments do not use a version older than 2026.2.22.

Risk and Exploitability

The CVSS base score of 7.1 reflects a medium‑to‑high severity. The vulnerability can be remotely exploited via crafted wrapper requests; the description states that attackers can approve benign wrapped commands and subsequently execute arbitrary payloads, achieving full remote code execution. No EPSS score is available, and the issue is not listed in CISA’s KEV catalog, but the absence of public exploit data does not reduce the potential risk. The attack vector is inferred from the description as a remote vector involving network access to the OpenClaw instance and the ability to submit a wrapper for approval.

Generated by OpenCVE AI on March 19, 2026 at 02:24 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the OpenClaw patch to version 2026.2.22 or newer.

Generated by OpenCVE AI on March 19, 2026 at 02:24 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Github GHSA Github GHSA GHSA-6j27-pc5c-m8w8 OpenClaw's allow-always wrapper persistence could bypass future approvals and enable command execution
History

Wed, 25 Mar 2026 15:00:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 6.4, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H'}

 cvssV3_1

{'score': 6.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H'}

Mon, 23 Mar 2026 17:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Thu, 19 Mar 2026 01:30:00 +0000

Type Values Removed Values Added
Description OpenClaw versions prior to 2026.2.22 contain an authorization bypass vulnerability in allow-always wrapper persistence that allows attackers to bypass approval checks by persisting wrapper-level allowlist entries instead of validating inner executable intent. Remote attackers can approve benign wrapped system.run commands and subsequently execute different payloads without approval, enabling remote code execution on gateway and node-host execution flows.
Title OpenClaw < 2026.2.22 - Authorization Bypass via allow-always Wrapper Persistence
First Time appeared Openclaw
Openclaw openclaw
Weaknesses CWE-78
CPEs cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*
Vendors & Products Openclaw
Openclaw openclaw
References
Metrics cvssV3_1

{'score': 6.4, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H'}

cvssV4_0

{'score': 7.1, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Openclaw Openclaw
cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-03-25T14:31:10.922Z

Reserved: 2026-03-04T16:16:15.967Z

Link: CVE-2026-29607

cve-icon Vulnrichment

Updated: 2026-03-23T16:45:41.114Z

cve-icon NVD

Status : Modified

Published: 2026-03-19T02:16:03.010

Modified: 2026-03-25T15:16:42.653

Link: CVE-2026-29607

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-25T11:51:31Z

Weaknesses