Description
OpenClaw versions from 2026.1.21 up to but not including 2026.2.19 contain a path hijacking vulnerability in tools.exec.safeBins that allows attackers to bypass allowlist checks by controlling process PATH resolution. Attackers who can influence the gateway process PATH or launch environment can execute trojan binaries with allowlisted names, such as jq, circumventing executable validation controls.
Published: 2026-03-19
Score: 7.3 High
EPSS: < 1% Very Low
KEV: No
Impact: Remote Code Execution via Path Hijacking
Action: Immediate Patch
AI Analysis

Impact

OpenClaw versions 2026.1.21 through 2026.2.18 contain a path hijacking flaw in the tools.exec.safeBins module that bypasses allowlist validation by manipulating the process PATH. Attackers who can influence the gateway process PATH or its launch environment can execute malicious binaries that share an allowlisted name, such as jq, thereby executing arbitrary code in the context of the gateway process. This flaw represents a Remote Code Execution risk tied to CWE-426 (Untrusted Search Path), compromising confidentiality, integrity, and availability of affected systems.

Affected Systems

The affected vendor is OpenClaw. Versions from 2026.1.21 up to but not including 2026.2.19 are vulnerable. No specific patch or fixed version number is provided in the CNA data, but the advisory indicates the issue is resolved in 2026.2.19.

Risk and Exploitability

The CVSS score of 7.3 indicates a High severity vulnerability. The EPSS score is not available, and the vulnerability is not listed in the CISA KEV catalog, suggesting no known widespread exploitation yet. Exploitation requires the attacker to influence the PATH environment of the gateway process, which usually implies local access or the ability to influence how the process is launched. If an attacker can set PATH to a directory under their control, they can launch trojan binaries with allowlisted names, defeating the validation controls. The vulnerability therefore poses a significant risk to environments where PATH is not tightly restricted.

Generated by OpenCVE AI on March 19, 2026 at 23:23 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the official patch by upgrading OpenClaw to version 2026.2.19 or later.
  • Restrict the PATH environment of the gateway process to only trusted directories and remove any user‑modifiable paths.
  • Audit the file system for unexpected binaries that match allowlisted names such as jq and take remediation action if found.
  • If upgrade is delayed, disable or limit execution of allowlisted binaries from untrusted directories as a temporary containment measure.

Generated by OpenCVE AI on March 19, 2026 at 23:23 UTC.

Tracking


Advisories
Source: GitHub GHSA
ID: GHSA-g75x-8qqm-2vxp
Title: OpenClaw's `tools.exec.safeBins` PATH-hijack allowed trojan binaries to bypass allowlist checks
History

Wed, 25 Mar 2026 15:00:00 +0000

Type: Metrics
Values Removed: cvssV3_1 {'score': 7, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H'}
Values Added: cvssV3_1 {'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}


Fri, 20 Mar 2026 17:15:00 +0000

Type: Metrics
Values Added: ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Thu, 19 Mar 2026 22:15:00 +0000

Type: Description
Values Added: OpenClaw versions 2026.1.21 prior to 2026.2.19 contain a path hijacking vulnerability in tools.exec.safeBins that allows attackers to bypass allowlist checks by controlling process PATH resolution. Attackers who can influence the gateway process PATH or launch environment can execute trojan binaries with allowlisted names, such as jq, circumventing executable validation controls.

Type: Title
Values Added: OpenClaw 2026.1.21 < 2026.2.19 - PATH Hijacking Bypass in tools.exec.safeBins Allowlist Validation

Type: First Time appeared
Values Added: Openclaw; Openclaw openclaw

Type: Weaknesses
Values Added: CWE-426

Type: CPEs
Values Added: cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*

Type: Vendors & Products
Values Added: Openclaw; Openclaw openclaw

Type: References
Values Added:

Type: Metrics
Values Added: cvssV3_1 {'score': 7, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H'}; cvssV4_0 {'score': 7.3, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-03-25T14:27:03.144Z

Reserved: 2026-03-10T19:48:38.210Z

Link: CVE-2026-32015

Vulnrichment

Updated: 2026-03-20T17:03:08.382Z

NVD

Status : Modified

Published: 2026-03-19T22:16:34.810

Modified: 2026-03-25T15:16:43.757

Link: CVE-2026-32015

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-20T11:05:30Z

Weaknesses