CVE-2026-27486
Received Received - Intake
Improper Process Termination in OpenClaw CLI Risks Service Disruption

Publication date: 2026-02-21

Last updated on: 2026-02-24

Assigner: GitHub, Inc.

Description
OpenClaw is a personal AI assistant. In versions 2026.2.13 and below of the OpenClaw CLI, the process cleanup uses system-wide process enumeration and pattern matching to terminate processes without verifying if they are owned by the current OpenClaw process. On shared hosts, unrelated processes can be terminated if they match the pattern. The CLI runner cleanup helpers can kill processes matched by command-line patterns without validating process ownership. This issue has been fixed in version 2026.2.14.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-21
Last Modified
2026-02-24
Generated
2026-06-16
AI Q&A
2026-02-21
EPSS Evaluated
2026-06-14
NVD
CVE-2026-27486
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
openclaw openclaw to 2026.2.14 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-283 The product does not properly verify that a critical resource is owned by the proper entity.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-27486 is a security vulnerability in the OpenClaw CLI process cleanup mechanism affecting versions 2026.2.13 and below. The issue occurs because the cleanup process uses system-wide process enumeration and pattern matching to terminate processes without verifying if those processes are owned by the current OpenClaw process.

This lack of ownership verification means that on shared hosts, unrelated processes that match the command-line pattern can be mistakenly terminated. Essentially, the CLI runner cleanup helpers can kill processes that are not children of the current OpenClaw process, leading to unintended process termination.

The vulnerability is classified under CWE-283 (Unverified Ownership). It was fixed in version 2026.2.14 by restricting cleanup to only child processes owned by the current process, improving process matching accuracy, and implementing a two-stage termination approach (graceful then forceful).

Impact Analysis

[{'type': 'paragraph', 'content': "This vulnerability can cause unintended termination of unrelated processes on shared or multi-tenant hosts if those processes match the command-line patterns used by OpenClaw's cleanup mechanism."}, {'type': 'paragraph', 'content': "Such unintended process termination could disrupt other users' applications or services running on the same host, potentially leading to data loss, service outages, or degraded system stability."}, {'type': 'paragraph', 'content': 'Because the cleanup does not verify process ownership before killing, critical or unrelated processes might be terminated, which could impact system reliability and user trust.'}] [1]

Compliance Impact

I don't know

Detection Guidance

[{'type': 'paragraph', 'content': 'This vulnerability involves the OpenClaw CLI process cleanup mechanism improperly terminating unrelated processes by matching command-line patterns without verifying ownership. To detect if this vulnerability is present, you can check the version of the OpenClaw CLI installed on your system. Versions 2026.2.13 and below are vulnerable, while 2026.2.14 and above contain the fix.'}, {'type': 'paragraph', 'content': 'To investigate if unintended processes are being terminated, you can manually list processes with full command lines and parent process IDs to see if any processes matching OpenClaw patterns are running and whether they are children of the OpenClaw process.'}, {'type': 'paragraph', 'content': 'Suggested commands to inspect processes include:'}, {'type': 'list_item', 'content': 'ps -axww -o pid=,ppid=,command= # Lists all processes with PID, PPID, and full command line without truncation'}, {'type': 'list_item', 'content': "grep commands matching OpenClaw patterns, for example: ps -axww -o pid=,ppid=,command= | grep 'codex exec resume' # To find processes related to OpenClaw CLI sessions"}, {'type': 'paragraph', 'content': 'By examining the PPID field, you can verify if processes matching OpenClaw patterns are children of the OpenClaw process or unrelated processes that might be at risk of being terminated incorrectly.'}] [1, 2, 3]

Mitigation Strategies

[{'type': 'paragraph', 'content': 'The primary mitigation step is to upgrade the OpenClaw CLI to version 2026.2.14 or later, where the vulnerability has been fixed.'}, {'type': 'paragraph', 'content': 'The fix restricts process cleanup operations to only terminate child processes owned by the current OpenClaw process, preventing unintended termination of unrelated processes on shared hosts.'}, {'type': 'paragraph', 'content': 'If upgrading immediately is not possible, consider the following temporary measures:'}, {'type': 'list_item', 'content': 'Manually monitor and control OpenClaw CLI processes to avoid running cleanup commands that might kill unrelated processes.'}, {'type': 'list_item', 'content': "Avoid running OpenClaw CLI cleanup commands on shared hosts where multiple users' processes might match the cleanup patterns."}, {'type': 'list_item', 'content': 'Implement process monitoring scripts that verify process ownership before termination, mimicking the filtering logic introduced in the fix.'}, {'type': 'paragraph', 'content': 'Ultimately, upgrading to the fixed version is the recommended and most effective mitigation.'}] [1, 2, 3]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-27486. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart