Description
OpenClaw before 2026.4.10 contains a time-of-check-time-of-use vulnerability in the validateScriptFileForShellBleed function that allows local attackers to bypass workspace boundary checks. An attacker with workspace write access can race-condition swap the target file between validation and preflight read, causing the validator to inspect a different file identity than the one that passed the initial boundary check.
Published: 2026-05-05
Score: 2 Low
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is a time-of-check to time-of-use (TOCTOU, CWE-367) race in the validateScriptFileForShellBleed function of OpenClaw, the preflight validator for exec scripts. The validator confirms that the target file lies inside the workspace and then reads it in a separate step by path, so a local user with write access to the workspace can swap the entry (for example by renaming a symlink over the validated file) between the two steps. The read then inspects a file with a different identity than the one that passed the boundary check. The linked GitHub advisory describes the result as a TOCTOU read, and both CVSS vectors rate only a confidentiality impact (C:L, VC:L) with no integrity or availability impact, so the supported consequence is disclosure of a file outside the workspace rather than execution. The attack vector is local and requires write access within the workspace.

Affected Systems

OpenClaw versions earlier than 2026.4.10 are affected. The product is the OpenClaw application, distributed as a Node.js package.

Risk and Exploitability

The CVSS 4.0 score of 2.0 (CVSS 3.1: 2.5) indicates low severity; the EPSS estimate is below 1%, and the SSVC assessment records no known exploitation and rates the issue as not automatable, so the likelihood of widespread exploitation is currently low. The vulnerability is not listed in CISA's KEV catalog. Exploitation requires local, low-privileged access with write permission to a workspace (AV:L, PR:L) and winning the race window between validation and the preflight read (AC:H). A successful attack bypasses the workspace boundary check and lets the validator read a file the attacker substituted, which both vectors score as a limited confidentiality impact (C:L) with no integrity or availability impact.

Generated by OpenCVE AI on May 5, 2026 at 12:52 UTC.

Remediation

No vendor remediation text is attached to this record. The affected range (before 2026.4.10) and the linked GitHub advisory indicate that 2026.4.10 is the first release without the flaw.

OpenCVE Recommended Actions

  • Update OpenClaw to version 2026.4.10 or later, which contains the fix for the TOCTOU race.
  • Restrict write permissions on workspace directories to trusted users only and monitor for unexpected file changes.
  • Limit the execution of custom or untrusted scripts within the workspace to reduce the risk of exploiting the race condition.

Generated by OpenCVE AI on May 5, 2026 at 12:52 UTC.

Advisories
Source: GitHub GHSA
ID: GHSA-gj9q-8w99-mp8j
Title: OpenClaw: TOCTOU read in exec script preflight
History

Tue, 05 May 2026 13:15:00 +0000

Type: Metrics
Values added: ssvc
{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 05 May 2026 11:45:00 +0000

Type: Description
Values added: OpenClaw before 2026.4.10 contains a time-of-check-time-of-use vulnerability in the validateScriptFileForShellBleed function that allows local attackers to bypass workspace boundary checks. An attacker with workspace write access can race-condition swap the target file between validation and preflight read, causing the validator to inspect a different file identity than the one that passed the initial boundary check.

Type: Title
Values added: OpenClaw < 2026.4.10 - Time-of-Check-Time-of-Use (TOCTOU) Race Condition in exec Script Preflight Validator

Type: First Time appeared
Values added: Openclaw; Openclaw openclaw

Type: Weaknesses
Values added: CWE-367

Type: CPEs
Values added: cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*

Type: Vendors & Products
Values added: Openclaw; Openclaw openclaw

Type: References
Values added:

Type: Metrics
Values added: cvssV3_1
{'score': 2.5, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N'}
cvssV4_0
{'score': 2, 'vector': 'CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-05-05T12:18:10.908Z

Reserved: 2026-05-01T16:56:19.947Z

Link: CVE-2026-43529

Vulnrichment

Updated: 2026-05-05T12:18:07.753Z

NVD

Status : Received

Published: 2026-05-05T12:16:19.057

Modified: 2026-05-05T12:16:19.057

Link: CVE-2026-43529

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-05T13:15:15Z

Weaknesses