Description
OpenClaw before 2026.3.28 contains an exec allowlist bypass vulnerability where allow-always persistence fails to unwrap /usr/bin/script and similar wrappers before storing trust decisions. Attackers can obtain user approval for one wrapped command to persist trust for wrapper binaries that execute different underlying programs.
Published: 2026-04-28
Score: 7 High
EPSS: < 1% Very Low
KEV: No
Impact: Exec Allowlist Bypass
Action: Apply Patch
AI Analysis

Impact

OpenClaw licensed prior to 2026.3.28 fails to unwrap program wrappers such as /usr/bin/script when recording trust decisions. An attacker who can persuade a user to approve a wrapper can persist that approval, allowing the wrapper to execute different underlying commands. This bypass compromises the integrity of the execution allowlist, potentially enabling persistent execution of arbitrary code while appearing authorized.

Affected Systems

OpenClaw Software – versions earlier than 2026.3.28 are affected. The vulnerability applies to all installations that use the default allowlist mechanism for executables.

Risk and Exploitability

The CVSS score of 7 indicates a moderate‑to‑high severity. No EPSS data is provided and the issue is not listed in the KEV catalog, suggesting no known public exploitation, but the flaw is local‑user/privileged and can be leveraged if a user is tricked into approving a wrapper. Once the wrapper is trusted, any program invoked through that wrapper can run with elevated privileges, presenting a significant risk to confidentiality, integrity, and availability.

Generated by OpenCVE AI on April 28, 2026 at 23:04 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update OpenClaw to version 2026.3.28 or later where the wrapper unwrapping bug is fixed.
  • Verify that all existing trust decisions for executables, especially wrappers like /usr/bin/script, are re‑evaluated or cleared to prevent accidental persistence.
  • Limit or monitor the use of wrapper executables by implementing file‑system or application‑level controls to block unintended execution.

Generated by OpenCVE AI on April 28, 2026 at 23:04 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Github GHSA Github GHSA GHSA-6pfc-6m7w-m8fx OpenClaw has a gateway exec allowlist allow-always bypass via unregistered /usr/bin/script wrapper
History

Wed, 29 Apr 2026 20:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Tue, 28 Apr 2026 19:15:00 +0000

Type Values Removed Values Added
Description OpenClaw before 2026.3.28 contains an exec allowlist bypass vulnerability where allow-always persistence fails to unwrap /usr/bin/script and similar wrappers before storing trust decisions. Attackers can obtain user approval for one wrapped command to persist trust for wrapper binaries that execute different underlying programs.
Title OpenClaw < 2026.3.28 - Exec Allowlist Bypass via Unregistered /usr/bin/script Wrapper
First Time appeared Openclaw
Openclaw openclaw
Weaknesses CWE-807
CPEs cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*
Vendors & Products Openclaw
Openclaw openclaw
References
Metrics cvssV3_1

{'score': 7.3, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H'}

cvssV4_0

{'score': 7, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Openclaw Openclaw
cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-04-29T19:26:39.243Z

Reserved: 2026-04-20T14:13:45.348Z

Link: CVE-2026-41390

cve-icon Vulnrichment

Updated: 2026-04-29T19:26:30.403Z

cve-icon NVD

Status : Analyzed

Published: 2026-04-28T19:37:42.173

Modified: 2026-06-17T10:46:38.580

Link: CVE-2026-41390

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-28T23:15:43Z

Weaknesses
  • CWE-807

    Reliance on Untrusted Inputs in a Security Decision