Get a Demo

Let's Patch It!

Book a short call with one our specialists, we'll walk you through how Endor Patches work, and ask you a few questions about your environment (like your primary programming languages and repository management). We'll also send you an email right after you fill out the form, feel free to reply with any questions you have in advance!

CVE

CVE-2026-29607

OpenClaw's allow-always wrapper persistence could bypass future approvals and enable command execution
Back to all
CVE

CVE-2026-29607

OpenClaw's allow-always wrapper persistence could bypass future approvals and enable command execution

Summary

In openclaw npm releases up to and including 2026.2.21-2, approving wrapped system.run commands with allow-always in security=allowlist mode could persist wrapper-level allowlist entries and enable later approval-bypass execution of different inner payloads.

Affected Packages / Versions

  • Package: openclaw (npm)
  • Affected versions: <= 2026.2.21-2
  • Planned patched version: 2026.2.22

Details

allow-always persistence was based on wrapper-level resolution instead of stable inner executable intent. A benign approved wrapper invocation could therefore broaden future trust boundaries.

Affected paths included gateway and node-host execution approval persistence flows. The fix now persists inner executable paths for known dispatch-wrapper chains (envnicenohupstdbuftimeout) and fails closed when safe unwrapping cannot be derived.

Impact

Authorization boundary bypass in allowlist mode, potentially leading to approval-free command execution (RCE class) on subsequent wrapped invocations.

Mitigation

Upgrade to 2026.2.22 (planned next release) or run with stricter exec policy (ask=always / security=deny) until upgraded.

Fix Commit(s)

  • 24c954d972400f508814532dea0e4dcb38418bb0

Release Process Note

patched_versions is pre-set to 2026.2.22 so this advisory is publish-ready; publish after the npm release is live.

OpenClaw thanks @tdjackey for reporting.

Package Versions Affected

Package Version
patch Availability
No items found.

Automatically patch vulnerabilities without upgrading

Fix Without Upgrading
Detect compatible fix
Apply safe remediation
Fix with a single pull request

CVSS Version

Severity
Base Score
CVSS Version
Score Vector
C
H
U
7.1
-
4.0
CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
C
H
U
0
-
3.1
CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
C
H
U
-

Related Resources

No items found.

References

https://github.com/openclaw/openclaw/security/advisories/GHSA-6j27-pc5c-m8w8, https://nvd.nist.gov/vuln/detail/CVE-2026-29607, https://github.com/openclaw/openclaw/commit/24c954d972400f508814532dea0e4dcb38418bb0, https://github.com/openclaw/openclaw, https://www.vulncheck.com/advisories/openclaw-authorization-bypass-via-allow-always-wrapper-persistence

Severity

6.4

CVSS Score
0
10

Basic Information

Ecosystem
Base CVSS
6.4
EPSS Probability
0.00079%
EPSS Percentile
0.23229%
Introduced Version
0
Fix Available
2026.2.22

Fix Critical Vulnerabilities Instantly

Secure your app without upgrading.
Fix Without Upgrading