CVE-2026-29608
Approval Integrity Bypass in OpenClaw 2026.3.1 run Node Execution
Publication date: 2026-03-19
Last updated on: 2026-03-19
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| openclaw | openclaw | 2026.3.1 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-88 | The product constructs a string for a command to be executed by a separate component in another control sphere, but it does not properly delimit the intended arguments, options, or switches within that command string. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
[{'type': 'paragraph', 'content': "CVE-2026-29608 is an approval integrity vulnerability in OpenClaw version 2026.3.1 affecting the system.run node-host execution function. The issue arises because the system rewrites the command's argument vector (argv), changing the intended command semantics. This rewriting can cause the execution of unintended commands or scripts."}, {'type': 'paragraph', 'content': "Specifically, when a shell wrapper command is approved (e.g., commands like `env sh -c ...`), the system changes the argv such that the actual executed command differs from what the operator approved. For example, the argv might be transformed from `['env','sh','-c','echo SAFE']` to `['/bin/sh','sh','-c','echo SAFE']`. This causes the shell to interpret an extra positional argument as a script path, allowing execution of a malicious local script placed by an attacker in the working directory."}, {'type': 'paragraph', 'content': 'Attackers exploit this by placing malicious scripts locally and tricking the operator into approving a seemingly safe command, which then executes the malicious script due to argv rewriting.'}] [1, 2, 3]
How can this vulnerability impact me? :
This vulnerability can lead to execution of arbitrary or malicious local scripts despite operator approval of a different, safe command. This means an attacker with local access and the ability to place files in the working directory can bypass command approval controls.
The impact includes high confidentiality, integrity, and availability risks because unintended commands or scripts can run with the privileges of the approved command execution context.
- Execution of unauthorized code or scripts
- Bypassing operator command approval mechanisms
- Potential compromise of system confidentiality, integrity, and availability
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
[{'type': 'paragraph', 'content': 'Detection of this vulnerability involves identifying if the system.run node-host execution rewrites argv in a way that changes command semantics, potentially allowing execution of unintended local scripts.'}, {'type': 'paragraph', 'content': "Specifically, you can check for the presence of suspicious local scripts in working directories that might be executed due to argv rewriting, such as unexpected files named like shell wrapper arguments (e.g., a file named 'sh' in the working directory)."}, {'type': 'paragraph', 'content': 'While no explicit detection commands are provided in the resources, a practical approach includes:'}, {'type': 'list_item', 'content': 'Listing files in working directories where system.run commands are approved to detect unexpected or suspicious scripts.'}, {'type': 'list_item', 'content': "Monitoring execution logs for commands where argv rewriting might have occurred, especially commands involving shell wrappers like 'env sh -c ...'."}, {'type': 'list_item', 'content': 'Using system auditing tools to track execution of local scripts that were not explicitly approved.'}, {'type': 'paragraph', 'content': 'Example commands you might use include:'}, {'type': 'list_item', 'content': 'ls -la in directories where system.run commands are executed to find suspicious scripts.'}, {'type': 'list_item', 'content': 'grep or auditd rules to monitor execution of shell wrapper commands and detect deviations in argv usage.'}] [1, 2, 3]
What immediate steps should I take to mitigate this vulnerability?
The primary mitigation step is to upgrade OpenClaw to version 2026.3.2 or later, where the vulnerability has been fixed.
The fix ensures that system.run command approvals involving shell or dispatch wrappers preserve the original argv shape during execution hardening, preventing command spoofing or unauthorized command shape changes.
Until the upgrade is applied, you should:
- Avoid running system.run commands that involve shell wrappers or dispatch wrappers in untrusted or writable working directories.
- Restrict write permissions in directories where approved commands are executed to prevent attackers from placing malicious local scripts.
- Review and tighten approval policies to ensure operators verify the exact command semantics and working directory contents before approval.