Description
OpenClaw before 2026.3.11 contains an approval-integrity vulnerability in node-host system.run approvals that displays extracted shell payloads instead of the executed argv. Attackers can place wrapper binaries and induce wrapper-shaped commands to execute local code after operators approve misleading command text.
Published: 2026-03-31
Score: 7.3 High
EPSS: < 1% Very Low
KEV: No
Impact: Execution of unintended local commands
Action: Immediate Patch
AI Analysis

Impact

OpenClaw versions prior to 2026.3.11 have an approval-integrity flaw in the node-host system.run approval process: the approval prompt displays a shell payload extracted from the command, but the argv that is actually executed can differ from what was shown. This mismatch lets an attacker place wrapper binaries or craft wrapper-shaped commands so that, once an operator accepts the misleading command text, arbitrary local commands run. The result is execution of unintended code on the target system, compromising its integrity and potentially leading to further compromise.

Affected Systems

The affected product is OpenClaw, from the vendor of the same name. All releases before 2026.3.11 are impacted. The vulnerability is present in the Node.js-based node-host component of the application.

Risk and Exploitability

The CVSS score is 7.3, indicating a high severity. The EPSS score is not available, and the vulnerability is not listed in CISA’s KEV catalog. Exploitation requires an attacker to have access to submit a command for approval through the OpenClaw UI, implying a need for user credentials or social engineering. The likely attack vector is an internal or compromised account that can submit a command for approval, leading to local code execution after operator approval.

Generated by OpenCVE AI on March 31, 2026 at 12:24 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the vendor patch that upgrades OpenClaw to version 2026.3.11 or later.
  • If a patch is not immediately available, restrict the system.run approval feature to highly trusted users and review all approved commands for consistency between displayed payload and executed argv.
  • If the system.run approval feature is not required, disable it to eliminate the attack surface.

Generated by OpenCVE AI on March 31, 2026 at 12:24 UTC.


Advisories

No advisories yet.

History

Tue, 31 Mar 2026 18:15:00 +0000

Values added:
  • Metrics (ssvc): {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Tue, 31 Mar 2026 11:45:00 +0000

Values added:
  • Description: OpenClaw before 2026.3.11 contains an approval-integrity vulnerability in node-host system.run approvals that displays extracted shell payloads instead of the executed argv. Attackers can place wrapper binaries and induce wrapper-shaped commands to execute local code after operators approve misleading command text.
  • Title: OpenClaw < 2026.3.11 - Node-Host Approval UI Mismatch Allows Execution of Unintended Commands
  • First Time appeared: Openclaw; Openclaw openclaw
  • Weaknesses: CWE-451
  • CPEs: cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*
  • Vendors & Products: Openclaw; Openclaw openclaw
  • References: (none listed)
  • Metrics (cvssV3_1): {'score': 7.1, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H'}
  • Metrics (cvssV4_0): {'score': 7.3, 'vector': 'CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-04-01T03:55:45.217Z

Reserved: 2026-03-17T11:31:33.584Z

Link: CVE-2026-32971

Vulnrichment

Updated: 2026-03-31T14:58:02.897Z

NVD

Status : Received

Published: 2026-03-31T12:16:29.280

Modified: 2026-03-31T12:16:29.280

Link: CVE-2026-32971

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-31T20:39:00Z

Weaknesses