Impact
OpenClaw versions before 2026.3.1 allow an attacker who can influence PATH resolution after an operation has been approved via system.run to execute an unintended binary. The software fails to pin the executable identity when the argv[0] token does not look like a file path, so a post-approval rebind (a PATH change between the operator's approval and the actual execution) can subvert that approval. This flaw enables an attacker to run arbitrary commands with the privileges of the operator, resulting in Remote Code Execution. The weakness is identified as CWE-367, indicating improper verification of executable identity between the time of check and the time of use.
Affected Systems
The vulnerability affects all installations of OpenClaw with versions earlier than 2026.3.1. No specific sub-releases are listed in the advisory. The issue is tied to the OpenClaw server component running under Node.js, as shown by the CPE string. Administrators should verify the OpenClaw version deployed in their environment and ensure it is 2026.3.1 or later, since every earlier version is affected.
Risk and Exploitability
The CVSS base score is 4.4, indicating a moderate severity risk. EPSS data is not provided, and the issue is not in the CISA KEV catalog, suggesting no known active exploitation in the wild. However, the attack requires that the attacker be able to modify the PATH after an approval has been granted, typically implying local or already-privileged conditions. If successful, the attacker gains full control over the system and can compromise confidentiality, integrity, and availability. No public exploits are reported, but the potential for future exploitation warrants prompt action.
OpenCVE Enrichment
Source: GitHub GHSA advisory