CVE-2026-43529
Undergoing Analysis - In Progress
Time-of-Check-Time-of-Use Flaw in OpenClaw

Publication date: 2026-05-05

Last updated on: 2026-05-05

Assigner: VulnCheck

Description
OpenClaw before 2026.4.10 contains a time-of-check-time-of-use vulnerability in the validateScriptFileForShellBleed function that allows local attackers to bypass workspace boundary checks. An attacker with workspace write access can race-condition swap the target file between validation and preflight read, causing the validator to inspect a different file identity than the one that passed the initial boundary check.
Meta Information
Published: 2026-05-05
Last Modified: 2026-05-05
Generated: 2026-05-07
AI Q&A: 2026-05-05
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
Showing 1 associated CPE
Vendor | Product | Version / Range
openclaw | openclaw | to 2026.4.10 (exc)
CWE ID | Description
CWE-367 | The product checks the state of a resource before using that resource, but the resource's state can change between the check and the use in a way that invalidates the results of the check.
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2026-43529 is a Time-of-Check-Time-of-Use (TOCTOU) race condition vulnerability in OpenClaw versions before 2026.4.10. It occurs in the validateScriptFileForShellBleed function, where the software first validates a script file's path and then reads the file. An attacker with local workspace write access can exploit this by swapping the target file between the validation and the read phases, causing the validator to inspect a different file than the one initially checked.

This vulnerability allows bypassing workspace boundary checks because the validator's check and use operations are not atomic, enabling a race condition attack.

The issue was fixed by replacing the check-then-read approach with an atomic pinned-file-descriptor open method, ensuring the file identity remains consistent during validation and adding stricter path resolution checks to prevent directory traversal and symlink manipulation.
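The difference between check-then-read and a pinned descriptor, as an added Node.js example for a POSIX system (this is not OpenClaw's code). All function and file names are hypothetical, the fixture is constructed, and the `raceWindow` hook stands in for a concurrent workspace change so the outcome is deterministic.

```javascript
const fs = require("node:fs");
const os = require("node:os");
const path = require("node:path");

// Resolve symlinks and require the result to sit strictly inside `root`.
function resolveInside(root, p) {
  const real = fs.realpathSync(p);
  const rel = path.relative(fs.realpathSync(root), real);
  if (rel === "" || rel.split(path.sep)[0] === ".." || path.isAbsolute(rel)) throw new Error("outside workspace");
  return real;
}

// Check-then-read: the path is resolved a second time at read time.
function readCheckThenUse(root, p, raceWindow = () => {}) {
  resolveInside(root, p);
  raceWindow(); // hypothetical hook: a concurrent change to the workspace
  return fs.readFileSync(p, "utf8");
}

// Pinned descriptor: open once, check that open file, read that open file.
function readPinned(root, p, raceWindow = () => {}) {
  const fd = fs.openSync(p, fs.constants.O_RDONLY | fs.constants.O_NOFOLLOW);
  try {
    const pinned = fs.fstatSync(fd);
    const named = fs.lstatSync(resolveInside(root, p));
    const same = pinned.isFile() && pinned.dev === named.dev && pinned.ino === named.ino;
    if (!same) throw new Error("file identity changed");
    raceWindow();
    return fs.readFileSync(fd, "utf8"); // reads the inode that was checked
  } finally {
    fs.closeSync(fd);
  }
}

// Constructed fixture: a workspace script plus a file outside the workspace.
function runDemo() {
  const base = fs.mkdtempSync(path.join(os.tmpdir(), "toctou-"));
  const root = path.join(base, "workspace"), script = path.join(root, "script.sh");
  const outside = path.join(base, "outside.txt");
  fs.mkdirSync(root); fs.writeFileSync(outside, "OUTSIDE\n");
  const reset = () => { fs.rmSync(script, { force: true }); fs.writeFileSync(script, "echo ok\n"); };
  const swap = () => { fs.unlinkSync(script); fs.symlinkSync(outside, script); };
  const out = {};
  reset(); out.checkThenUse = readCheckThenUse(root, script, swap);
  reset(); out.pinned = readPinned(root, script, swap);
  try { readPinned(root, script); out.afterSwap = "read"; } catch { out.afterSwap = "rejected"; }
  fs.rmSync(base, { recursive: true, force: true });
  return out;
}
console.log(runDemo());
```

The path-based variant returns the content of the file outside the workspace, while the pinned variant returns the content of the file it checked and refuses a symlink as the final path component.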


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.


How can this vulnerability impact me?

This vulnerability allows a local attacker with write access to the workspace to bypass security boundary checks by swapping files during script validation. This could lead to the validator inspecting and potentially executing or processing a malicious file instead of the intended one.

However, the impact is limited because exploitation requires local write access and the validator only exposes derived content such as tokens or line numbers, not the full script execution context.

The severity is rated as low with a CVSS v4 base score of 2.0, indicating limited impact but still a security risk that should be addressed.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability is a local Time-of-Check-Time-of-Use (TOCTOU) race condition in the validateScriptFileForShellBleed function of OpenClaw before version 2026.4.10. Detection involves verifying the OpenClaw version installed on your system to determine if it is vulnerable.

You can detect if your system is vulnerable by checking the installed OpenClaw version with the following command:

  • openclaw --version

If the version is earlier than 2026.4.10, your system is vulnerable to this TOCTOU issue.

Since this is a local race condition vulnerability, network detection is not applicable. Monitoring for suspicious file modifications or race conditions would require custom scripts or tools, but no specific detection commands are provided in the available resources.


What immediate steps should I take to mitigate this vulnerability?

The primary mitigation step is to upgrade OpenClaw to version 2026.4.10 or later, where the vulnerability has been fixed.

The fix replaces the vulnerable check-then-read sequence with an atomic pinned-file-descriptor open approach, ensuring the file identity remains consistent during validation and preventing race condition exploitation.

Additionally, ensure that only trusted users have workspace write access, as exploitation requires local write permissions.

If immediate upgrade is not possible, restrict write access to the workspace directories and monitor for suspicious file changes to reduce risk.

