Description
OpenClaw before 2026.3.11 contains an approval integrity vulnerability where system.run approvals fail to bind mutable file operands for certain script runners like tsx and jiti. Attackers can obtain approval for benign script commands, rewrite referenced scripts on disk, and execute modified code under the approved run context.
Published: 2026-03-29
Score: 9.4 Critical
EPSS: < 1% Very Low
KEV: No
Impact: Remote Code Execution via Approval Bypass
Action: Immediate Patch
AI Analysis

Impact

OpenClaw contains an approval integrity flaw in its system.run function: for certain script runners such as tsx and jiti, an approval is bound to the command line but not to the contents of the script file that command references. An attacker who can get a benign script command approved can subsequently rewrite the referenced script file on disk and execute the altered code under the already approved run context. This results in arbitrary code execution with the privileges of the running process, potentially compromising the confidentiality, integrity, and availability of the affected system.

Affected Systems

Any installation of OpenClaw prior to version 2026.3.11 is potentially vulnerable. The vulnerability is present in all builds before the 2026.3.11 release on all supported platforms when the system.run feature is enabled and unrecognized script runners are allowed to execute.

Risk and Exploitability

The CVSS score for this issue is 9.4, indicating a high severity level. The exploit probability score is not available, and the vulnerability is not listed in the CISA Known Exploited Vulnerabilities catalog. The likely attack vector is inferred to be local or remote exploitation through privileged script execution, depending on the attacker’s ability to influence the approval process or modify script files. If the attacker can obtain file write access and trigger system.run, the flaw can be leveraged to run arbitrary code.

Generated by OpenCVE AI on March 29, 2026 at 14:37 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update OpenClaw to version 2026.3.11 or later
  • Ensure that only authorized script runners are permitted in system.run configurations
  • Apply strict file permissions to directories containing run scripts to prevent unauthorized modifications
  • Consider disabling script runner extensions such as tsx and jiti if not required

Advisories
Source: GitHub GHSA
ID: GHSA-qc36-x95h-7j53
Title: OpenClaw: Unrecognized script runners could bypass `system.run` approval integrity
History

Mon, 30 Mar 2026 15:15:00 +0000

Values added:
  Metrics (ssvc): {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Sun, 29 Mar 2026 13:15:00 +0000

Values added:
  Description: OpenClaw before 2026.3.11 contains an approval integrity vulnerability where system.run approvals fail to bind mutable file operands for certain script runners like tsx and jiti. Attackers can obtain approval for benign script commands, rewrite referenced scripts on disk, and execute modified code under the approved run context.
  Title: OpenClaw < 2026.3.11 - Approval Bypass via Unrecognized Script Runners
  First Time appeared: Openclaw; Openclaw openclaw
  Weaknesses: CWE-863
  CPEs: cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*
  Vendors & Products: Openclaw; Openclaw openclaw
  References:
  Metrics (cvssV3_1): {'score': 8, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H'}
  Metrics (cvssV4_0): {'score': 9.4, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H'}

MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-03-30T14:31:21.412Z

Reserved: 2026-03-17T11:31:33.584Z

Link: CVE-2026-32978

Vulnrichment

Updated: 2026-03-30T14:31:12.417Z

NVD

Status : Analyzed

Published: 2026-03-29T13:17:01.963

Modified: 2026-03-30T17:15:43.657

Link: CVE-2026-32978

Red Hat

No data.

OpenCVE Enrichment

Updated: 2026-03-30T06:58:17Z

Weaknesses