CVE-2026-26325
Status: Received - Intake
Command Injection via Argument Mismatch in OpenClaw system.run

Publication date: 2026-02-19

Last updated on: 2026-02-23

Assigner: GitHub, Inc.

Description
OpenClaw is a personal AI assistant. Prior to version 2026.2.14, a mismatch between `rawCommand` and `command[]` in the node host `system.run` handler could cause allowlist/approval evaluation to be performed on one command while a different argv was executed. This only impacts deployments that use the node host / companion node execution path (`system.run` on a node), enable allowlist-based exec policy (`security=allowlist`) with approval prompting driven by allowlist misses (for example `ask=on-miss`), and allow an attacker to invoke `system.run`. Default/non-node configurations are not affected. Version 2026.2.14 enforces `rawCommand`/`command[]` consistency (gateway fail-fast + node host validation).
Meta Information
Generated: 2026-05-07
AI Q&A: 2026-02-20
EPSS Evaluated: 2026-05-05
Affected Vendors & Products (1 associated CPE)
Vendor: openclaw
Product: openclaw
Version / Range: up to 2026.2.14 (exclusive)
CWE-284: The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability exists in OpenClaw, a personal AI assistant, prior to version 2026.2.14. It involves a mismatch between the rawCommand and command[] parameters in the node host system.run handler. This mismatch can cause the allowlist or approval evaluation to be performed on one command, while a different command is actually executed. This issue only affects deployments that use the node host or companion node execution path (system.run on a node), have allowlist-based execution policies enabled (security=allowlist), and use approval prompting triggered by allowlist misses (such as ask=on-miss). Default or non-node configurations are not affected.

Version 2026.2.14 fixes this vulnerability by enforcing consistency between rawCommand and command[] through gateway fail-fast and node host validation.
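The consistency check that the description and the answer above refer to, as an added example that is not OpenClaw's own code: a request carries both `rawCommand` (the string shown to the approver) and `command[]` (the argv that runs); the gateway rejects the request outright when the two disagree, and the node host re-validates before applying the allowlist to the argv it will actually execute. It assumes a POSIX-style tokenizer as the canonical form and an allowlist keyed on the executable name (argv[0]); both are assumptions, not OpenClaw's actual rules.

```typescript
// Added example, not OpenClaw's code. Post-fix shape of the request path the
// advisory describes: the gateway rejects any request whose rawCommand does
// not tokenize to command[] (fail-fast), and the node host re-validates and
// decides on the validated argv only. Assumptions: a POSIX-style tokenizer is
// the canonical form, and the allowlist matches the executable name (argv[0]).
interface ExecRequest { rawCommand: string; command: string[]; }
type Decision = "allow" | "ask" | "deny";

// Minimal POSIX-ish tokenizer: whitespace splitting, single/double quotes,
// backslash escapes. No globbing or $-expansion (assumption).
function tokenize(raw: string): string[] {
  const out: string[] = [];
  let cur = "", inTok = false, quote = "";
  for (let i = 0; i < raw.length; i++) {
    const c = raw.charAt(i);
    if (quote) {
      if (c === quote) quote = "";
      else if (c === "\\" && quote === '"' && i + 1 < raw.length) cur += raw.charAt(++i);
      else cur += c;
    } else if (c === '"' || c === "'") { quote = c; inTok = true; }
    else if (c === "\\" && i + 1 < raw.length) { cur += raw.charAt(++i); inTok = true; }
    else if (/\s/.test(c)) { if (inTok) { out.push(cur); cur = ""; inTok = false; } }
    else { cur += c; inTok = true; }
  }
  if (quote) throw new Error("unterminated quote in rawCommand");
  if (inTok) out.push(cur);
  return out;
}

// Gateway fail-fast: reject unless rawCommand tokenizes to exactly command[],
// so the argv that gets approved is the argv that gets executed.
function validateExecRequest(req: ExecRequest): string[] {
  const parsed = tokenize(req.rawCommand);
  const same = parsed.length === req.command.length &&
    parsed.every((tok, i) => tok === req.command[i]);
  if (!same) throw new Error(`rawCommand/command[] mismatch: ${JSON.stringify(parsed)} vs ${JSON.stringify(req.command)}`);
  return req.command;
}

// Node host: re-validate, then apply security=allowlist to the validated argv.
// A miss yields "ask" when ask=on-miss is set, otherwise "deny".
function evaluatePolicy(req: ExecRequest, allowlist: string[], askOnMiss: boolean): Decision {
  let argv: string[];
  try { argv = validateExecRequest(req); } catch { return "deny"; }
  const exe = argv[0] ?? "";
  if (allowlist.includes(exe)) return "allow";
  return askOnMiss ? "ask" : "deny";
}
```

A mismatched request never reaches the allowlist or the approval prompt: it is denied at validation, which is the property the fix restores.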

How can this vulnerability impact me?

This vulnerability can allow an attacker who is able to invoke system.run on a node to bypass the intended allowlist or approval checks. Because the evaluation is done on one command but a different command is executed, unauthorized commands could be run with potentially high privileges.

The CVSS v3.1 base score of 7.2 indicates a high severity, with impacts on confidentiality, integrity, and availability. This means the attacker could execute commands that compromise sensitive data, alter system behavior, or disrupt services.

How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

I don't know

How can this vulnerability be detected on my network or system? Can you suggest some commands?

I don't know

What immediate steps should I take to mitigate this vulnerability?

To mitigate this vulnerability, upgrade OpenClaw to version 2026.2.14 or later, which enforces consistency between rawCommand and command[] through gateway fail-fast and node host validation.

Additionally, ensure that your deployment does not use the node host / companion node execution path with allowlist-based exec policy and approval prompting driven by allowlist misses, or disable the allowlist-based exec policy if possible.