
CVE

CVE-2026-32043

OpenClaw's system.run approval TOCTOU via mutable symlink cwd target on node host

Summary

In openclaw@2026.2.24, approval-bound system.run on node hosts could be influenced by mutable symlink cwd targets between approval and execution.

Details

Approval matching on the gateway validated the command/argv and the binding fields, including cwd, as the literal text supplied with the request. Node execution later resolved cwd at runtime, at spawn time. A cwd that was a symlink could therefore be retargeted after the operator approved it and before the process was spawned, so the command ran in a directory the operator never reviewed.

OpenClaw's trust model does not treat one shared gateway as a multi-tenant adversarial boundary, but approval integrity is still a security boundary for operator-reviewed command execution.

Affected Packages / Versions

  • Package: openclaw (npm)
  • Affected: <= 2026.2.24
  • Patched: >= 2026.2.25 

Fix Commit(s)

  • f789f880c934caa8be25b38832f27f90f37903db

Remediation

The fix adds defense-in-depth hardening for approval-bound node execution:

  • reject symlink cwd paths for approval-bound system.run
  • canonicalize path-like executable argv before spawn
  • bind CLI approval requests to exact commandArgv

Release Process Note

Patched version is pre-set to the release (2026.2.25). Advisory published with npm release 2026.2.25.

OpenClaw thanks @tdjackey for reporting.


CVSS

  • CVSS Version: 4.0
  • Base Score: 5.9
  • Score Vector: CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X


References

  • https://github.com/openclaw/openclaw/security/advisories/GHSA-mwcg-wfq3-4gjc
  • https://nvd.nist.gov/vuln/detail/CVE-2026-32043
  • https://github.com/openclaw/openclaw/commit/f789f880c934caa8be25b38832f27f90f37903db
  • https://github.com/openclaw/openclaw
  • https://www.vulncheck.com/advisories/openclaw-time-of-check-time-of-use-via-mutable-symlink-in-system-run-cwd-parameter

Basic Information

  • Ecosystem: npm
  • Severity: 7
  • Base CVSS: 7
  • EPSS Probability: 0.0001%
  • EPSS Percentile: 0.0107%
  • Introduced Version: 0
  • Fix Available: 2026.2.25