Impact
The vulnerability in OpenClaw allows an attacker to modify local scripts after they have been approved but before they are executed, enabling arbitrary code execution as the OpenClaw runtime user. The flaw arises from an unbound interpreter and runtime command bypass in node-host approval: approval is not tied to the script contents that will actually run, so an approved script can be swapped for a malicious one in the window between approval and execution. The weakness is classified as CWE-367, where untrusted input is used to construct executable code, leading to a complete loss of integrity and control over the runtime environment.
Affected Systems
OpenClaw versions released before 2026.3.11 are affected. The issue surfaces in the Node.js-based OpenClaw application, specifically in the script approval component that manages the binding of local script files to execution contexts. Any installation of OpenClaw on Node.js platforms that has not applied the 2026.3.11 patch is at risk, regardless of the operating system or deployment environment.
Risk and Exploitability
The vulnerability carries a CVSS score of 7, indicating a medium to high severity. While EPSS data is unavailable and the issue is not listed in KEV, the potential for remote code execution remains significant. The attack vector is inferred to be remote, as the description states attackers can alter approved scripts from a position of remote access. Successful exploitation would grant the attacker full control of the OpenClaw runtime, enabling further lateral movement or data exfiltration. Because the flaw does not require elevated privileges beyond write access to the script repository, it can be triggered by local adversaries who have compromised the host or via remote code injection if the system exposes writable script directories.