Description
OpenClaw before 2026.3.24 contains an incomplete fix for CVE-2026-27486 where the !stop chat command uses an unpatched killProcessTree function from shell-utils.ts that sends SIGKILL immediately without graceful SIGTERM shutdown. Attackers can trigger process termination via the !stop command, causing data corruption, resource leaks, and skipped security-sensitive cleanup operations.
Published: 2026-04-10
Score: 6.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Data Corruption and Service Disruption
Action: Patch Immediately
AI Analysis

Impact

The vulnerability arises from an unpatched killProcessTree function in OpenClaw versions earlier than 2026.3.24, which sends a SIGKILL without a graceful SIGTERM shutdown when the !stop chat command is issued. This behavior can cause data corruption, resource leaks, and the omission of security‑sensitive cleanup operations, compromising data integrity and potentially destabilizing the host process.

Affected Systems

OpenClaw:OpenClaw installations using any release prior to 2026.3.24 are affected. Users deploying earlier versions should verify their deployment and plan an upgrade once the patched release becomes available.

Risk and Exploitability

The CVSS score of 6.9 indicates moderate severity; the vulnerability lacks a publicly available exploit strategy but can be triggered by anyone with knowledge of the !stop command in the chat interface, inferring a user‑initiated attack path. Because the EPSS score is not available and the vulnerability is not listed in the CISA KEV catalog, the likelihood of widespread exploitation is uncertain but sufficient to warrant timely patching.

Generated by OpenCVE AI on April 10, 2026 at 17:37 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade OpenClaw to version 2026.3.24 or later.
  • If an upgrade is not immediately possible, restrict or disable the !stop chat command to trusted administrators only.
  • Monitor logs for unexpected SIGKILL events and verify that critical cleanup routines are executed after process termination.
  • Apply any additional system hardening measures, such as enforcing strict permission controls on process termination requests.

Generated by OpenCVE AI on April 10, 2026 at 17:37 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Github GHSA Github GHSA GHSA-3298-56p6-rpw2 OpenClaw has incomplete Fix for CVE-2026-27486: Unvalidated SIGKILL in `!stop` Chat Command via `shell-utils.ts`
History

Fri, 10 Apr 2026 21:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 10 Apr 2026 16:30:00 +0000

Type Values Removed Values Added
Description OpenClaw before 2026.3.24 contains an incomplete fix for CVE-2026-27486 where the !stop chat command uses an unpatched killProcessTree function from shell-utils.ts that sends SIGKILL immediately without graceful SIGTERM shutdown. Attackers can trigger process termination via the !stop command, causing data corruption, resource leaks, and skipped security-sensitive cleanup operations.
Title OpenClaw < 2026.3.24 - Improper Process Termination via Unpatched killProcessTree in shell-utils.ts
First Time appeared Openclaw
Openclaw openclaw
Weaknesses CWE-404
CPEs cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*
Vendors & Products Openclaw
Openclaw openclaw
References
Metrics cvssV3_1

{'score': 6.1, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H'}

cvssV4_0

{'score': 6.9, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Openclaw Openclaw
cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-04-10T20:17:55.994Z

Reserved: 2026-04-04T12:32:50.476Z

Link: CVE-2026-35667

cve-icon Vulnrichment

Updated: 2026-04-10T20:14:39.156Z

cve-icon NVD

Status : Analyzed

Published: 2026-04-10T17:17:08.883

Modified: 2026-04-28T18:57:14.027

Link: CVE-2026-35667

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-13T13:00:35Z

Weaknesses