CVE-2026-29607
Received Received - Intake
Authorization Bypass in OpenClaw Allows Remote Code Execution

Publication date: 2026-03-19

Last updated on: 2026-03-25

Assigner: VulnCheck

Description
OpenClaw versions prior to 2026.2.22 contain an authorization bypass vulnerability in allow-always wrapper persistence that allows attackers to bypass approval checks by persisting wrapper-level allowlist entries instead of validating inner executable intent. Remote attackers can approve benign wrapped system.run commands and subsequently execute different payloads without approval, enabling remote code execution on gateway and node-host execution flows.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-19
Last Modified
2026-03-25
Generated
2026-06-16
AI Q&A
2026-03-19
EPSS Evaluated
2026-06-15
NVD
CVE-2026-29607
EUVD
EUVD-2026-13015
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
openclaw openclaw to 2026.2.22 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-78 The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

[{'type': 'paragraph', 'content': 'CVE-2026-29607 is an authorization bypass vulnerability in OpenClaw versions prior to 2026.2.22. It occurs in the allow-always wrapper persistence mechanism, which improperly persists approval for wrapper-level allowlist entries based on the wrapper invocation rather than the actual inner executable being run.'}, {'type': 'paragraph', 'content': 'This flaw allows attackers to bypass future approval checks by reusing an approved wrapper command to execute different inner payloads without additional approval. Essentially, attackers can approve benign wrapped commands and then execute unauthorized commands, leading to remote code execution on gateway and node-host execution flows.'}, {'type': 'paragraph', 'content': "The root cause is that the system trusts the wrapper executable path instead of unwrapping it to verify the inner executable's intent, broadening the trust boundary and enabling approval bypass."}] [1, 3]

Impact Analysis

This vulnerability can allow remote attackers to execute arbitrary commands on affected systems by bypassing approval checks. Attackers can leverage approved benign wrapper commands to run unauthorized payloads without further approval.

The impact includes remote code execution on both gateway and node-host execution flows, which can compromise system confidentiality, integrity, and availability.

  • Remote code execution (RCE) on gateway and node-host systems.
  • Bypassing security approval mechanisms, leading to unauthorized command execution.
  • Potential privilege escalation and system compromise.
Compliance Impact

I don't know

Detection Guidance

I don't know

Mitigation Strategies

To mitigate the CVE-2026-29607 vulnerability, you should upgrade OpenClaw to version 2026.2.22 or later, which contains the fix for the authorization bypass issue.

Until the upgrade can be applied, it is recommended to run OpenClaw with stricter execution policies such as setting the execution approval mode to ask=always or security=deny. This prevents unauthorized command execution by requiring explicit approval for each command.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-29607. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart