Executive Summary

[{'type': 'paragraph', 'content': 'CVE-2026-31997 affects OpenClaw versions prior to 2026.3.1 and involves a Time-of-Check to Time-of-Use (TOCTOU) race condition in the system.run approvals mechanism.'}, {'type': 'paragraph', 'content': 'The vulnerability occurs because OpenClaw fails to securely pin the executable identity when the argv[0] token is non-path-like during approval. This means that if a command is approved based on a token like "tr" that relies on PATH resolution, the actual executable that runs can be changed after approval by modifying the PATH environment variable.'}, {'type': 'paragraph', 'content': 'As a result, an attacker can perform an executable rebind attack by changing the PATH after approval but before execution, causing the system to run a different binary than the one originally approved by the operator.'}, {'type': 'paragraph', 'content': 'This allows arbitrary command execution with limited privileges.'}] [1, 2]

Useful 0 Not Useful 0

Impact Analysis

This vulnerability can allow an attacker to execute arbitrary commands on the affected system by substituting the approved executable with a malicious one after approval.

Because the system.run approvals do not pin the executable identity securely, an attacker with the ability to modify the PATH environment variable can cause the system to run unauthorized binaries.

This can lead to unauthorized code execution with limited privileges, potentially compromising system integrity and security.

Useful 0 Not Useful 0

Compliance Impact

I don't know

Useful 0 Not Useful 0

Detection Guidance

[{'type': 'paragraph', 'content': "This vulnerability involves a Time-of-Check to Time-of-Use (TOCTOU) race condition in OpenClaw's system.run approvals where the executable identity is not securely pinned if argv[0] is a non-path-like token. Detection involves verifying if OpenClaw versions prior to 2026.3.1 are in use and checking if system.run approvals rely on PATH resolution for executable commands."}, {'type': 'paragraph', 'content': 'To detect potential exploitation or presence of this vulnerability, you can:'}, {'type': 'list_item', 'content': 'Check the OpenClaw version installed on your system to confirm if it is older than 2026.3.1.'}, {'type': 'list_item', 'content': 'Audit system.run approval logs or configurations to identify commands approved using non-path-like argv[0] tokens that depend on PATH resolution.'}, {'type': 'list_item', 'content': 'Monitor for unexpected changes to the PATH environment variable between approval and execution of commands.'}, {'type': 'list_item', 'content': 'Use system commands to verify the realpath of executables invoked by system.run, for example:'}, {'type': 'list_item', 'content': ' - `which <command>` to see which executable is resolved by PATH.'}, {'type': 'list_item', 'content': ' - `realpath $(which <command>)` to get the canonical path of the executable.'}, {'type': 'list_item', 'content': 'Compare the approved executable path with the actual resolved executable path at runtime to detect discrepancies.'}] [1, 2]

Useful 0 Not Useful 0

Mitigation Strategies

The primary mitigation step is to upgrade OpenClaw to version 2026.3.1 or later, where the vulnerability is fixed by enforcing pinning of executable identities to their canonical paths during both approval and execution.

Additional immediate steps include:

• Avoid using non-path-like argv[0] tokens that rely on PATH resolution in system.run approvals.
• Ensure that the PATH environment variable is not modified between the approval and execution phases of system.run commands.
• Audit and restrict permissions to modify PATH or related environment variables to trusted users only.
• Review and tighten system.run approval policies to require explicit, canonical executable paths rather than relying on PATH resolution.

Useful 0 Not Useful 0