Description
OpenClaw before 2026.3.8 contains an approval bypass vulnerability in system.run where mutable script operands are not bound across approval and execution phases. Attackers can obtain approval for script execution, modify the approved script file before execution, and execute different content while maintaining the same approved command shape.
Published: 2026-03-31
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Unauthorized script execution through approval bypass
Action: Apply Patch
AI Analysis

Impact

OpenClaw versions prior to 2026.3.8 allow an attacker to obtain approval for a script to run via the system.run function and then modify the script file before it is executed. The internal handle does not preserve the original script content between the approval and execution phases, enabling the attacker to replace the approved content with malicious instructions without changing the command structure, thereby bypassing the approval mechanism. This vulnerability compromises the integrity of script execution and can lead to arbitrary code running in the application context.

Affected Systems

The vulnerable behavior is present in all releases of OpenClaw before 2026.3.8. Users running that software should verify which minor version they are operating and plan an upgrade accordingly.

Risk and Exploitability

The CVSS score of 5.3 indicates a moderate severity. No EPSS data is available, and the vulnerability is not listed in the CISA KEV catalog, suggesting a lower but still notable likelihood of exploitation. An adversary would need to trigger the approval workflow and maintain control over the script file before execution; once accomplished, the attacker can run arbitrary commands. The risk is amplified if system.run is exposed to untrusted users or remote input.

Generated by OpenCVE AI on March 31, 2026 at 12:25 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade OpenClaw to version 2026.3.8 or later to eliminate the mutable operand binding flaw.

Advisories

No advisories yet.

History

Tue, 31 Mar 2026 13:15:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 31 Mar 2026 11:45:00 +0000

Type | Values Removed | Values Added
Description | | OpenClaw before 2026.3.8 contains an approval bypass vulnerability in system.run where mutable script operands are not bound across approval and execution phases. Attackers can obtain approval for script execution, modify the approved script file before execution, and execute different content while maintaining the same approved command shape.
Title | | OpenClaw < 2026.3.8 - Script Content Modification via Mutable Operand Binding in system.run
First Time appeared | | Openclaw, Openclaw openclaw
Weaknesses | | CWE-367
CPEs | | cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*
Vendors & Products | | Openclaw, Openclaw openclaw
References | |
Metrics | | cvssV3_1 {'score': 6.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L'}; cvssV4_0 {'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N'}

MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-03-31T12:25:16.032Z

Reserved: 2026-03-16T21:19:31.965Z

Link: CVE-2026-32921

Vulnrichment

Updated: 2026-03-31T12:25:11.510Z

NVD

Status: Received

Published: 2026-03-31T12:16:28.920

Modified: 2026-03-31T12:16:28.920

Link: CVE-2026-32921

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-31T20:39:08Z

Weaknesses