OpenClaw CLI Unvalidated Process Termination Vulnerability Allowing Unrelated Process Kills
Vulnerability
A vulnerability in the OpenClaw command-line interface (CLI) process cleanup mechanism allows unvalidated termination of processes. In versions prior to 2026.2.14, the cleanup helpers enumerated every process on the host and selected targets by matching command-line patterns, without checking that a matched process was actually spawned by, or belongs to, the current OpenClaw instance. On a shared host, any process whose command line happens to match the pattern, including processes belonging to other users or to other OpenClaw installations, can therefore be killed alongside the instance's own child processes.
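The following is an added illustration, not OpenClaw's own code: a small Python model of the two cleanup policies described above, run against a constructed process table (the PIDs, UIDs and command lines are invented for the example). `vulnerable_targets` reproduces the pre-2026.2.14 behaviour of selecting every command line that matches a pattern; `hardened_targets` additionally requires that a candidate be a descendant of (or explicitly tracked by) the current instance and run under the same UID. `read_proc_table` is an optional Linux-only helper for running the same comparison against the live host; the pattern `openclaw.*gateway` is an assumption chosen for the example, not a pattern taken from the project.

```python
"""Model of pattern-based process cleanup with and without ownership validation.

Illustrative code only; it is not part of OpenClaw. The process table below is
constructed for the example.
"""
import os
import re
import signal
from dataclasses import dataclass


@dataclass(frozen=True)
class Proc:
    pid: int
    ppid: int
    uid: int
    cmdline: str


# Constructed sample process table (not real host data). alice (uid 1001) runs an
# OpenClaw instance as pid 4100; bob (uid 1002) runs his own instance as pid 5200.
SAMPLE_TABLE = [
    Proc(1, 0, 0, "/sbin/init"),
    Proc(4100, 1, 1001, "node /home/alice/openclaw/cli.js gateway"),       # alice's instance
    Proc(4105, 4100, 1001, "node /home/alice/openclaw/gateway-worker.js"),  # spawned by 4100
    Proc(5200, 1, 1002, "node /home/bob/openclaw/cli.js gateway"),         # bob's instance
    Proc(5210, 5200, 1002, "/usr/bin/python3 openclaw-helper.py"),         # bob's helper
    Proc(6000, 1, 1001, "tail -f /var/log/openclaw-gateway.log"),          # alice, unrelated
]

# Hypothetical cleanup pattern used for the example.
PATTERN = re.compile(r"openclaw.*gateway", re.IGNORECASE)


def vulnerable_targets(table, pattern, own_pid):
    """Pre-fix policy: kill every process whose command line matches, except ourselves."""
    return sorted(p.pid for p in table if p.pid != own_pid and pattern.search(p.cmdline))


def descendants(table, root_pid):
    """Set of PIDs in the process tree rooted at root_pid (root itself excluded)."""
    children = {}
    for p in table:
        children.setdefault(p.ppid, []).append(p.pid)
    found, stack = set(), [root_pid]
    while stack:
        for child in children.get(stack.pop(), []):
            if child not in found:
                found.add(child)
                stack.append(child)
    return found


def hardened_targets(table, pattern, own_pid, own_uid, tracked_pids=frozenset()):
    """Fixed policy: a match is only killed if this instance owns it.

    Ownership = the process is a descendant of own_pid (or was recorded in
    tracked_pids when spawned) AND runs under the same UID. The UID check is
    belt-and-braces: an unprivileged caller could not signal another UID anyway,
    but a root or shared service account could, so do not rely on EPERM.
    """
    owned = descendants(table, own_pid) | set(tracked_pids)
    return sorted(p.pid for p in table
                  if p.pid in owned and p.uid == own_uid and pattern.search(p.cmdline))


def kill_targets(pids, sig=signal.SIGTERM, dry_run=True):
    """Send sig to each pid (or only report with dry_run). Returns the pids acted on."""
    acted = []
    for pid in pids:
        if not dry_run:
            try:
                os.kill(pid, sig)
            except (ProcessLookupError, PermissionError):
                continue  # already gone, or owned by another UID and we are not root
        acted.append(pid)
    return acted


def read_proc_table():
    """Linux-only: build a process table from /proc. Returns [] where /proc is absent."""
    table = []
    if not os.path.isdir("/proc"):
        return table
    for name in os.listdir("/proc"):
        if not name.isdigit():
            continue
        try:
            with open(f"/proc/{name}/status") as f:
                fields = dict(line.split(":", 1) for line in f if ":" in line)
            with open(f"/proc/{name}/cmdline", "rb") as f:
                cmdline = f.read().replace(b"\0", b" ").decode(errors="replace").strip()
        except OSError:
            continue  # process exited while we were reading it
        table.append(Proc(int(name), int(fields["PPid"].split()[0]),
                          int(fields["Uid"].split()[0]), cmdline))
    return table


if __name__ == "__main__":
    # Compare both policies from alice's instance (pid 4100, uid 1001), dry run only.
    print("vulnerable:", kill_targets(vulnerable_targets(SAMPLE_TABLE, PATTERN, 4100)))
    print("hardened:  ", kill_targets(hardened_targets(SAMPLE_TABLE, PATTERN, 4100, 1001)))
```

On the sample table the vulnerable policy selects bob's instance (5200) and alice's unrelated `tail` (6000) along with the real child worker (4105); the hardened policy selects only 4105. Note that 6000 shares alice's UID, so a UID check on its own would not have saved it: the parent/tracked-PID check is what ties a kill to the instance that spawned the process.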
Impact
Triggering the cleanup, which can happen as part of normal CLI use, can terminate unrelated processes on the same host and disrupt other users or applications. The blast radius is largest when the CLI runs as root or under a service account shared with other workloads: an unprivileged caller cannot signal processes owned by a different UID, so in that case only the caller's own matching processes are at risk.
Reproduction
Run a vulnerable OpenClaw CLI on a shared host while other processes whose command lines match the cleanup patterns are active, then issue a command that triggers the process cleanup. Comparing the process list before and after shows that matching processes not spawned by this OpenClaw instance are terminated, including, when the CLI has sufficient privileges, processes owned by other users.
Remediation
Upgrade to OpenClaw version 2026.2.14 or later, where this vulnerability has been fixed. Until the upgrade is applied, run the CLI under a dedicated unprivileged account rather than as root or a shared service account, so that a cleanup cannot signal processes belonging to other users.
