Description
OpenClaw 2026.3.1 contains an approval integrity vulnerability in system.run node-host execution where argv rewriting changes command semantics. Attackers can place malicious local scripts in the working directory to execute unintended code despite operator approval of different command text.
Published: 2026-03-19
Score: 5.4 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Unintended Local Code Execution
Action: Patch Now
AI Analysis

Impact

OpenClaw version 2026.3.1 contains an approval integrity vulnerability where the system.run function rewrites its argv array, changing the command to be executed. This allows an attacker who can place malicious scripts in the working directory to have those scripts run even though the operator has approved a different command. The weakness is identified as CWE‑88 and results in the unintended execution of local code, in effect bypassing the intended approval controls.

Affected Systems

Affected product: OpenClaw (vendor OpenClaw). The vulnerability exists in version 2026.3.1 and earlier, as indicated by the CPE entries. No later releases (2026.3.2 or later) are listed as affected.

Risk and Exploitability

The CVSS score of 5.4 classifies the issue as medium severity. The EPSS score of less than 1% suggests low historical exploitation likelihood, and the vulnerability is not currently listed in the CISA KEV catalog. Based on the description, the attack requires local file write ability or pre‑existing local script placement, implying an attacker must have some local influence on the system or obtain a file via another vulnerability. The potential impact is the execution of arbitrary local code, which could lead to privilege escalation or further compromise if the process runs with sufficient rights.

Generated by OpenCVE AI on March 19, 2026 at 20:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest OpenClaw update (≥ 2026.3.2) as soon as it becomes available.
  • If a patch is not yet released, limit the use of system.run by removing or disabling it until a fix is available.

Generated by OpenCVE AI on March 19, 2026 at 20:21 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Github GHSA Github GHSA GHSA-h3rm-6x7g-882f OpenClaw's Node system.run approval hardening wrapper semantic drift can execute unintended local scripts
History

Thu, 19 Mar 2026 19:30:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:openclaw:openclaw:2026.3.1:*:*:*:*:node.js:*:*

Thu, 19 Mar 2026 16:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Thu, 19 Mar 2026 01:30:00 +0000

Type Values Removed Values Added
Description OpenClaw 2026.3.1 contains an approval integrity vulnerability in system.run node-host execution where argv rewriting changes command semantics. Attackers can place malicious local scripts in the working directory to execute unintended code despite operator approval of different command text.
Title OpenClaw 2026.3.1 < 2026.3.2 - Approval Integrity Bypass via system.run argv Rewriting
First Time appeared Openclaw
Openclaw openclaw
Weaknesses CWE-88
CPEs cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*
Vendors & Products Openclaw
Openclaw openclaw
References
Metrics cvssV3_1

{'score': 6.7, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H'}

cvssV4_0

{'score': 5.4, 'vector': 'CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Openclaw Openclaw
cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-03-19T16:09:41.951Z

Reserved: 2026-03-04T16:16:15.967Z

Link: CVE-2026-29608

cve-icon Vulnrichment

Updated: 2026-03-19T16:09:38.040Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-19T02:16:03.223

Modified: 2026-03-19T19:15:57.043

Link: CVE-2026-29608

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-25T14:10:40Z

Weaknesses