Description
OpenClaw before 2026.3.28 contains an exec allowlist bypass vulnerability where allow-always persistence fails to unwrap /usr/bin/script and similar wrappers before storing trust decisions. Attackers can obtain user approval for one wrapped command to persist trust for wrapper binaries that execute different underlying programs.
Published: 2026-04-28
Score: 7 High
EPSS: n/a
KEV: No
Impact: Exec Allowlist Bypass
Action: Apply Patch
AI Analysis

Impact

OpenClaw licensed prior to 2026.3.28 fails to unwrap program wrappers such as /usr/bin/script when recording trust decisions. An attacker who can persuade a user to approve a wrapper can persist that approval, allowing the wrapper to execute different underlying commands. This bypass compromises the integrity of the execution allowlist, potentially enabling persistent execution of arbitrary code while appearing authorized.

Affected Systems

OpenClaw Software – versions earlier than 2026.3.28 are affected. The vulnerability applies to all installations that use the default allowlist mechanism for executables.

Risk and Exploitability

The CVSS score of 7 indicates a moderate‑to‑high severity. No EPSS data is provided and the issue is not listed in the KEV catalog, suggesting no known public exploitation, but the flaw is local‑user/privileged and can be leveraged if a user is tricked into approving a wrapper. Once the wrapper is trusted, any program invoked through that wrapper can run with elevated privileges, presenting a significant risk to confidentiality, integrity, and availability.

Generated by OpenCVE AI on April 28, 2026 at 23:04 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update OpenClaw to version 2026.3.28 or later where the wrapper unwrapping bug is fixed.
  • Verify that all existing trust decisions for executables, especially wrappers like /usr/bin/script, are re‑evaluated or cleared to prevent accidental persistence.
  • Limit or monitor the use of wrapper executables by implementing file‑system or application‑level controls to block unintended execution.

Generated by OpenCVE AI on April 28, 2026 at 23:04 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 28 Apr 2026 19:15:00 +0000

Type Values Removed Values Added
Description OpenClaw before 2026.3.28 contains an exec allowlist bypass vulnerability where allow-always persistence fails to unwrap /usr/bin/script and similar wrappers before storing trust decisions. Attackers can obtain user approval for one wrapped command to persist trust for wrapper binaries that execute different underlying programs.
Title OpenClaw < 2026.3.28 - Exec Allowlist Bypass via Unregistered /usr/bin/script Wrapper
First Time appeared Openclaw
Openclaw openclaw
Weaknesses CWE-807
CPEs cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*
Vendors & Products Openclaw
Openclaw openclaw
References
Metrics cvssV3_1

{'score': 7.3, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H'}

cvssV4_0

{'score': 7, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Openclaw Openclaw
cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-04-28T18:09:50.998Z

Reserved: 2026-04-20T14:13:45.348Z

Link: CVE-2026-41390

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-04-28T19:37:42.173

Modified: 2026-04-28T20:10:23.367

Link: CVE-2026-41390

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-28T23:15:43Z

Weaknesses