Description
OpenClaw versions prior to 2026.2.25 contain a time-of-check-time-of-use vulnerability in approval-bound system.run execution where the cwd parameter is validated at approval time but resolved at execution time. Attackers can retarget a symlinked cwd between approval and execution to bypass command execution restrictions and execute arbitrary commands on node hosts.
Published: 2026-03-21
Score: 5.9 Medium (CVSS v4.0; CVSS v3.1 base score 6.5)
EPSS: < 1% Very Low
KEV: No
Impact: Arbitrary command execution
Action: Immediate Patch
AI Analysis

Impact

OpenClaw versions earlier than 2026.2.25 validate the cwd parameter of an approval-bound system.run request when the request is approved, but resolve that path again when the command actually executes (CWE-367, time-of-check to time-of-use). If the approved cwd is a symbolic link, an attacker who can retarget the link between approval and execution makes the command run in a directory the approval never covered, bypassing the command execution restrictions and executing arbitrary commands on the node host.

Affected Systems

The vulnerability affects every OpenClaw installation running a version earlier than 2026.2.25. The affected product is the Node.js-based OpenClaw platform, specifically its approval-bound system.run functionality, which is used to run commands on node hosts.

Risk and Exploitability

The CVSS v4.0 base score is 5.9 (Medium); the v3.1 score is 6.5. Both vectors are local (AV:L) with high attack complexity (AC:H, reflecting the race window between approval and execution) and low privileges required (PR:L), with no user interaction. The EPSS score is below 1%, and the vulnerability is not listed in the CISA KEV catalog; the SSVC assessment records no known exploitation and rates it not automatable. Exploitation requires the ability to replace a symbolic link used as the cwd on the node host between approval and execution, that is, local write access to the link's path or its parent directory. No public exploit has been reported, but the direct path to arbitrary command execution (VI:H/VA:H) makes this a moderate risk to affected systems.

Generated by OpenCVE AI on March 21, 2026 at 08:07 UTC.

Remediation

No vendor fix or workaround is listed in the references on this page. The description states that versions prior to 2026.2.25 are affected, so 2026.2.25 is the first version expected to contain the fix; see the GHSA advisory listed below.

OpenCVE Recommended Actions

  • Apply the vendor's patch to upgrade OpenClaw to version 2026.2.25 or later
  • If upgrading is not immediately feasible, avoid approving a symlinked path as the cwd for system.run, and restrict write permission on every approved cwd path and its parent directories so that a lower-privileged local user cannot replace the symbolic link between approval and execution


Advisories
Source: GitHub GHSA
ID: GHSA-mwcg-wfq3-4gjc
Title: OpenClaw's system.run approval TOCTOU via mutable symlink cwd target on node host
History

Mon, 23 Mar 2026 19:15:00 +0000

Values added:
  • Metrics (ssvc): {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Sat, 21 Mar 2026 05:30:00 +0000

Values added:
  • Description: OpenClaw versions prior to 2026.2.25 contain a time-of-check-time-of-use vulnerability in approval-bound system.run execution where the cwd parameter is validated at approval time but resolved at execution time. Attackers can retarget a symlinked cwd between approval and execution to bypass command execution restrictions and execute arbitrary commands on node hosts.
  • Title: OpenClaw < 2026.2.25 - Time-of-Check-Time-of-Use via Mutable Symlink in system.run cwd Parameter
  • First Time appeared: Openclaw; Openclaw openclaw
  • Weaknesses: CWE-367
  • CPEs: cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*
  • Vendors & Products: Openclaw; Openclaw openclaw
  • References: (none listed)
  • Metrics (cvssV3_1): {'score': 6.5, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:H'}
  • Metrics (cvssV4_0): {'score': 5.9, 'vector': 'CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-03-23T18:56:35.785Z

Reserved: 2026-03-10T19:48:44.964Z

Link: CVE-2026-32043

Vulnrichment

Updated: 2026-03-23T18:56:25.503Z

NVD

Status : Analyzed

Published: 2026-03-21T01:17:06.747

Modified: 2026-03-24T19:10:25.753

Link: CVE-2026-32043

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-25T14:33:30Z

Weaknesses