Executive Summary

CVE-2026-32921 is a vulnerability in OpenClaw versions before 2026.3.8 involving an approval bypass in the system.run function. The issue arises because mutable script operands are not consistently bound between the approval and execution phases, creating a Time-of-check Time-of-use (TOCTOU) race condition.

This flaw allows an attacker to get approval to execute a script, then modify the script file before execution. As a result, the system executes altered script content while still using the originally approved command structure, effectively bypassing the approval process.

Useful 0 Not Useful 0

Impact Analysis

This vulnerability can lead to unauthorized code execution by allowing attackers to run modified scripts that were not originally approved. Since the system executes the altered script content, it can result in execution of malicious commands or code.

The attack vector is network-based, requires low attack complexity and low privileges, and does not require user interaction. The impact includes potential low confidentiality, integrity, and availability losses.

Useful 0 Not Useful 0

Detection Guidance

The vulnerability involves a race condition where mutable script operands are modified after approval but before execution, allowing unauthorized script content to run. Detection would involve monitoring for discrepancies between approved script hashes and the actual script content at execution time.

Specifically, detection can focus on verifying the integrity of script files used in system.run commands by checking their SHA-256 hashes against approved values before execution.

While no explicit commands are provided in the resources, a practical approach would be to compute and compare SHA-256 hashes of script files at approval and execution phases. For example, using commands like:

• sha256sum ./script.sh
• diff or checksum comparison tools to verify that the script content has not changed between approval and execution.

Additionally, monitoring system logs or audit trails for system.run invocations and verifying that the script operands match approved snapshots can help detect exploitation attempts.

Useful 0 Not Useful 0

Mitigation Strategies

The primary mitigation is to upgrade OpenClaw to version 2026.3.8 or later, which contains the complete patch preventing mutable script operand drift after approval.

This patch enforces binding of script operands by capturing immutable on-disk file snapshots (including SHA-256 hashes) at approval time and denying execution if the script content changes before execution.

If immediate upgrade is not possible, as a temporary measure, restrict or monitor usage of the system.run function to prevent unauthorized script modifications between approval and execution.

Implement file integrity monitoring on script files used in system.run commands to detect unauthorized changes.

Review and tighten access controls to limit who can modify script files after approval.

Useful 0 Not Useful 0

Compliance Impact

CVE-2026-32921 allows attackers to bypass approval controls and execute modified scripts that were not originally approved. This unauthorized code execution can lead to integrity and confidentiality losses.

Such unauthorized execution of altered scripts could potentially result in unauthorized access to sensitive data or disruption of system operations, which may impact compliance with standards and regulations like GDPR and HIPAA that require strict controls over data integrity, confidentiality, and auditability.

However, the provided information does not explicitly discuss or analyze the direct impact of this vulnerability on compliance with specific standards or regulations.

Useful 0 Not Useful 0