Executive Summary

CVE-2026-32978 is a high-severity approval integrity vulnerability in OpenClaw versions before 2026.3.11. The issue occurs because the system.run approval mechanism fails to properly bind mutable file operands for certain script runners like tsx and jiti. Attackers can exploit this by obtaining approval for benign script commands, then rewriting the referenced scripts on disk after approval. This allows them to execute modified, potentially malicious code under the approved run context, bypassing the intended approval checks.

Useful 0 Not Useful 0

Impact Analysis

This vulnerability can lead to unauthorized local code execution with the privileges of the OpenClaw runtime user. An attacker can gain approval for a harmless script command, then alter the script file to execute malicious code under the approved context. This undermines the integrity of the approval process and can result in high impacts on confidentiality, integrity, and availability of the affected system.

Useful 0 Not Useful 0

Detection Guidance

This vulnerability involves the system.run approval mechanism failing to bind mutable file operands for certain script runners like tsx and jiti, allowing attackers to execute modified scripts under an approved context.

To detect this vulnerability on your system, you should check for usage of the vulnerable OpenClaw versions prior to 2026.3.11 and monitor for execution of script commands using tsx or jiti runners that might bypass approval integrity.

Suggested commands include:

• Check OpenClaw version installed: `openclaw --version` or check package.json for openclaw npm package version.
• Search for script executions using tsx or jiti in logs or running processes, e.g., `ps aux | grep tsx` or `ps aux | grep jiti`.
• Audit system.run approval logs or configurations to identify approved commands involving tsx or jiti script runners.
• Monitor file changes on disk for scripts referenced by tsx or jiti commands to detect unauthorized modifications.

Useful 0 Not Useful 0

Mitigation Strategies

The primary mitigation step is to upgrade OpenClaw to version 2026.3.11 or later, where the vulnerability is fixed by enforcing a fail-closed policy for approval-backed interpreter and runtime commands.

This update extends direct-file binding coverage to additional runtime forms and prevents bypasses by ensuring exactly one concrete local file operand is bound before execution.

Additionally, you should review and restrict usage of script runners like tsx and jiti in your environment until the upgrade is applied.

Monitor and audit system.run approvals to detect any suspicious or unexpected commands that could exploit this vulnerability.

Useful 0 Not Useful 0

Compliance Impact

CVE-2026-32978 allows attackers to bypass approval integrity checks and execute modified code under an approved context, which undermines the security controls designed to prevent unauthorized code execution.

This type of vulnerability can lead to unauthorized access or modification of sensitive data, potentially violating data protection and security requirements mandated by standards such as GDPR and HIPAA.

Because the vulnerability enables execution of malicious code with the privileges of the OpenClaw runtime user, it may result in breaches of confidentiality, integrity, and availability of data, which are core concerns of these regulations.

Organizations using affected versions of OpenClaw should upgrade to version 2026.3.11 or later to mitigate this risk and maintain compliance with relevant security standards.

Useful 0 Not Useful 0