CVE
GHSA-wmgj-hrx3-23gj
Duplicate Advisory: OpenClaw: Unbound interpreter and runtime commands could bypass node-host approval integrity
Duplicate Advisory
This advisory has been withdrawn because it is a duplicate of GHSA-xf99-j42q-5w5p. This link is maintained to preserve external references.
Original Description
OpenClaw before 2026.3.11 contains an approval integrity vulnerability allowing attackers to execute rewritten local code by modifying scripts between approval and execution when exact file binding cannot occur. Remote attackers can change approved local scripts before execution to achieve unintended code execution as the OpenClaw runtime user.
Package Versions Affected
Package Version
patch Availability
No items found.
Automatically patch vulnerabilities without upgrading
Fix Without Upgrading
Detect compatible fix
Apply safe remediation
Fix with a single pull request
CVSS Version
Severity
Base Score
CVSS Version
Score Vector
C
H
U
-
C
H
U
0
-
3.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
C
H
U
-
Related Resources
No items found.
References
https://github.com/openclaw/openclaw/security/advisories/GHSA-xf99-j42q-5w5p, https://nvd.nist.gov/vuln/detail/CVE-2026-32979, https://www.vulncheck.com/advisories/openclaw-unbound-interpreter-and-runtime-commands-bypass-in-node-host-approval
Basic Information
Ecosystem
