OpenClaw versions prior to 2026.2.26 contain an approval bypass vulnerability in system.run execution that allows attackers to execute commands from unintended filesystem locations by rebinding writable parent symlinks in the current working directory after approval. An attacker can modify mutable parent symlink path components between approval and execution time to redirect command execution to a different location while preserving the visible working directory string.
Attack Parameters
Attack Vector
Local
Requires local access
Attack Complexity
Low
Easy to exploit
Attack Requirements
None
No additional conditions
Privileges Required
Low
Basic privileges needed
User Interaction
None
No user interaction needed
Impact Assessment
Confidentiality
None
No data leak
Integrity
High
Complete data modification
Availability
Low
Partial disruption
CVSS Vector v4.0
Weakness Type (CWE)
Vulnerable Products 1
| Configuration | From (including) | Up to (excluding) |
|---|---|---|
|
Openclaw Openclaw
cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*
|
— |
2026.2.26
|
References 7
https://github.com/openclaw/openclaw/commit/4b4718c8dfce2e2c48404aa5088af7c013b…
disclosure@vulncheck.com
https://github.com/openclaw/openclaw/commit/4e690e09c746408b5e27617a20cb3fdc519…
disclosure@vulncheck.com
https://github.com/openclaw/openclaw/commit/78a7ff2d50fb3bcef351571cb5a0f21430a…
disclosure@vulncheck.com
https://github.com/openclaw/openclaw/commit/d06632ba45a8482192792c55d5ff0b2e21a…
disclosure@vulncheck.com
https://github.com/openclaw/openclaw/commit/d82c042b09727a6148f3ca651b254c4a677…
disclosure@vulncheck.com
https://github.com/openclaw/openclaw/security/advisories/GHSA-f7ww-2725-qvw2
disclosure@vulncheck.com
https://www.vulncheck.com/advisories/openclaw-approval-bypass-via-parent-symlin…
disclosure@vulncheck.com