OpenClaw Approval-Integrity Mismatch Vulnerability in system.run Allowing Command Injection via cmd.exe

Vulnerability

A vulnerability exists in OpenClaw versions prior to 2026.2.21: an approval-integrity mismatch in the 'system.run' function allows an authenticated operator to execute arbitrary trailing arguments after 'cmd.exe /c' while the approval text reflects only a benign command. The approval record and audit log therefore show the harmless command rather than the command line the node actually executed. The vulnerability enables local command execution on trusted Windows nodes.

Impact

Exploitation of this vulnerability allows local command execution on the affected Windows node under the process account of the node.

Reproduction

To reproduce this vulnerability, an authenticated operator creates an approval for a benign command, such as 'echo', then issues a 'system.run' request using 'cmd.exe /c' with malicious trailing arguments appended. The node executes the full command line, including the trailing arguments, while the approval text still indicates only the original, harmless command.
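The following is an added illustration of the approval-binding failure described in the Vulnerability and Reproduction sections; it is not OpenClaw's code, and the function names, the 'Approval' record and the sample argv lists are assumptions constructed for the example. The flawed check models the advisory's behaviour (for 'cmd.exe /c' it only compares the approval text against the first command token after '/c'), while the hardened check binds the approval to a digest of the complete argv so that any appended element invalidates it. The sample hostile request is constructed; 'whoami' stands in for whatever an operator might append.

```python
import hashlib
import hmac
import json
from dataclasses import dataclass
from typing import Sequence


@dataclass(frozen=True)
class Approval:
    """An operator approval (hypothetical record). 'shown' is the text the
    operator reviewed; 'binding' is a digest of the exact argv it covers."""
    shown: str
    binding: str


def display_text(argv: Sequence[str]) -> str:
    """Approval text as presented to the operator (space-joined argv)."""
    return " ".join(argv)


def argv_digest(argv: Sequence[str]) -> str:
    """Canonical binding: JSON-encode the argv list so element boundaries
    survive (['echo hello'] and ['echo', 'hello'] hash differently)."""
    canonical = json.dumps(list(argv), separators=(",", ":")).encode("utf-8")
    return hashlib.sha256(canonical).hexdigest()


def approve(argv: Sequence[str]) -> Approval:
    """Issue an approval for exactly this argv."""
    return Approval(shown=display_text(argv), binding=argv_digest(argv))


def effective_cmd_line(argv: Sequence[str]) -> str:
    """What cmd.exe /c will run: everything after '/c' is handed to the shell
    as one command line, so '&' and the tokens after it are executed too."""
    if len(argv) >= 2 and argv[0].lower() == "cmd.exe" and argv[1].lower() == "/c":
        return " ".join(argv[2:])
    return " ".join(argv)


def vulnerable_is_approved(approval: Approval, argv: Sequence[str]) -> bool:
    """Flawed check modelling the advisory: for 'cmd.exe /c' it compares the
    approval text only against the first command token after '/c', so any
    trailing argv entries are never examined."""
    if len(argv) >= 3 and argv[0].lower() == "cmd.exe" and argv[1].lower() == "/c":
        return approval.shown == display_text(argv[:3])
    return approval.shown == display_text(argv)


def hardened_is_approved(approval: Approval, argv: Sequence[str]) -> bool:
    """Fixed check: the approval is bound to the digest of the complete argv,
    so an added, removed or reordered element invalidates it."""
    return hmac.compare_digest(approval.binding, argv_digest(argv))


def unapproved_tail(approval: Approval, argv: Sequence[str]) -> str:
    """Audit helper: the part of the request that would run but was never
    shown to the operator, so a mismatch can be logged instead of a clean
    approval. Returns '' when the request matches the approval exactly."""
    full = display_text(argv)
    if full == approval.shown:
        return ""
    if full.startswith(approval.shown + " "):
        return full[len(approval.shown) + 1:]
    return full  # entirely different command line


if __name__ == "__main__":
    benign = ["cmd.exe", "/c", "echo hello"]                       # constructed
    hostile = ["cmd.exe", "/c", "echo hello", "&", "whoami"]       # constructed
    a = approve(benign)
    print("approval shows:   ", a.shown)
    print("node would run:   ", effective_cmd_line(hostile))
    print("vulnerable check: ", vulnerable_is_approved(a, hostile))  # True (flaw)
    print("hardened check:   ", hardened_is_approved(a, hostile))    # False
    print("unapproved tail:  ", unapproved_tail(a, hostile))
```

The design point is that an approval must be bound to the exact argument vector that will be executed, not to a rendering of its leading token; anything the comparison does not cover is something the operator never approved, and the audit trail should record that tail rather than the benign text.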

Remediation

Users can update to OpenClaw version 2026.2.21 or later, where this vulnerability has been patched.

Added: Mar 18, 2026, 2:34 AM
Updated: Mar 18, 2026, 2:34 AM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 5.0
exploitability: 5.8
remediation: 0.0
relevance: 4.1
threat: 4.8
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.