Description
OpenClaw versions prior to 2026.2.22 on macOS contain a path validation bypass vulnerability in the exec-approval allowlist mode that allows local attackers to execute unauthorized binaries by exploiting basename-only allowlist entries. Attackers can execute same-name local binaries ./echo without approval when security=allowlist and ask=on-miss are configured, bypassing intended path-based policy restrictions.
Published: 2026-03-19
Score: 7.3 High
EPSS: < 1% Very Low
KEV: No
Impact: Unauthorized Binary Execution
Action: Apply Patch
AI Analysis

Impact

OpenClaw versions before 2026.2.22 on macOS contain a path validation flaw in the exec-approval allowlist mode. The defect arises when the allowlist contains only basename entries; attackers can exploit the fallback behavior by placing a malicious binary with the same name as an approved executable in a different directory. This bypasses the intended path-based policy and allows a local attacker to run arbitrary commands, potentially compromising the system. The weakness is a form of directory traversal, as identified by CWE‑426.

Affected Systems

OpenClaw software, versions older than 2026.2.22, running on macOS. Users who have configured security=allowlist and ask=on-miss are affected. No other operating systems or product versions are listed.

Risk and Exploitability

The CVSS base score is 7.3, indicating high severity. EPSS indicates a low probability of exploitation (<1 %). The vulnerability is not on the CISA KEV list. Exploit requires local file‑system access and sufficient privileges to launch OpenClaw. An attacker who can write or modify files in a directory where basename‑only allowlist entries appear can drop a malicious binary with the same name as an approved executable and trigger its execution. Normal user privileges are enough to exploit the flaw once OpenClaw is started.

Generated by OpenCVE AI on March 24, 2026 at 22:28 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade OpenClaw to version 2026.2.22 or later
  • Avoid using basename-only allowlist entries; specify full paths in the allowlist

Generated by OpenCVE AI on March 24, 2026 at 22:28 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Github GHSA Github GHSA GHSA-7f4q-9rqh-x36p OpenClaw: macOS optional allowlist basename matching could bypass path-based policy
History

Wed, 25 Mar 2026 15:00:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 7, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H'}

 cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}

Tue, 24 Mar 2026 21:30:00 +0000

Type Values Removed Values Added
First Time appeared Apple
Apple macos
CPEs cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*
Vendors & Products Apple
Apple macos

Sat, 21 Mar 2026 05:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Thu, 19 Mar 2026 22:15:00 +0000

Type Values Removed Values Added
Description OpenClaw versions prior to 2026.2.22 on macOS contain a path validation bypass vulnerability in the exec-approval allowlist mode that allows local attackers to execute unauthorized binaries by exploiting basename-only allowlist entries. Attackers can execute same-name local binaries ./echo without approval when security=allowlist and ask=on-miss are configured, bypassing intended path-based policy restrictions.
Title OpenClaw < 2026.2.22 - Path Traversal via Basename-Only Allowlist Matching on macOS
First Time appeared Openclaw
Openclaw openclaw
Weaknesses CWE-426
CPEs cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*
Vendors & Products Openclaw
Openclaw openclaw
References
Metrics cvssV3_1

{'score': 7, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H'}

cvssV4_0

{'score': 7.3, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Apple Macos
Openclaw Openclaw
cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-03-25T14:27:18.434Z

Reserved: 2026-03-10T19:48:38.211Z

Link: CVE-2026-32016

cve-icon Vulnrichment

Updated: 2026-03-21T03:20:17.266Z

cve-icon NVD

Status : Modified

Published: 2026-03-19T22:16:35.027

Modified: 2026-03-25T15:16:43.993

Link: CVE-2026-32016

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-25T11:54:29Z

Weaknesses