OpenClaw Remote Code Execution Vulnerability via Node Invoke Approval Bypass
Vulnerability
A remote code execution vulnerability has been identified in OpenClaw versions prior to 2026.2.14. The gateway does not strip client-supplied values for its internal approval control fields from node.invoke parameters before forwarding them to node hosts. An authenticated client can therefore set those fields itself and bypass the execution approval step for system.run commands. Any attacker holding valid gateway credentials can use this to execute arbitrary commands on every connected node host, which puts developer workstations and continuous integration runners at risk of full compromise.
Impact
Exploitation allows arbitrary command execution, with the privileges of the node host process, on every node host connected to the gateway. Because the bypass is post-authentication, anyone who holds gateway credentials, including a leaked or over-shared token, should be assumed able to fully compromise developer workstations, CI runners, and servers running the node host until the gateway is upgraded.
Reproduction
To reproduce this vulnerability, an authenticated gateway client sends a node.invoke request for the system.run command whose params also carry the approval control fields the gateway normally sets only after its own approval flow has granted the request. Because the vulnerable gateway forwards the params to the node host without removing these client-controlled fields, the node host treats the command as already approved and runs it. No prior approval, and no interaction from a user of the node host, is required; valid gateway credentials are the only precondition.
Remediation
Users are advised to upgrade to OpenClaw version 2026.2.14 or later. From that version the gateway sanitizes the approval control fields before forwarding node.invoke params to node hosts, so a client can no longer supply them. Additionally, restrict gateway access to trusted networks and users, and if exposure of gateway credentials is suspected, rotate them and review connected node hosts for system.run invocations that were never approved.
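The following is an added illustration of the pattern described in the Reproduction and Remediation sections above; it is not OpenClaw's code. The request shape, the field names `approved`, `approvalId` and `approvedBy`, and the node-host check are assumptions made for this example. The vulnerable gateway forwards client params untouched, so a forged `approved: true` reaches the node host; the hardened gateway strips the approval control fields first and then lets only its own decision set them.

```typescript
// Added example, not OpenClaw's own code. The request shape, the field
// names `approved` / `approvalId` / `approvedBy`, and the node-host check
// are assumptions made for this illustration.

type Params = Record<string, unknown>;

// Outcome of the gateway's own approval flow for one node.invoke request.
type ApprovalDecision = { approved: boolean; approvalId?: string };

// Fields that only the gateway's approval flow may set on a forwarded invoke.
const APPROVAL_CONTROL_FIELDS: readonly string[] = ["approved", "approvalId", "approvedBy"];

// Simulated node host: it trusts the gateway and runs system.run whenever the
// forwarded params carry approved === true.
function nodeHostWouldExecute(command: string, forwarded: Params): boolean {
  return command === "system.run" && forwarded["approved"] === true;
}

// Vulnerable pattern: client params are forwarded as received. When the gateway
// has not granted approval it adds nothing, so a client-supplied
// `approved: true` survives the hop and is honoured by the node host.
function forwardParamsVulnerable(client: Params, decision: ApprovalDecision): Params {
  return decision.approved
    ? { ...client, approved: true, approvalId: decision.approvalId }
    : { ...client };
}

// Drop every approval control field the client tried to set. This handles flat
// params only; a gateway with a fixed schema should additionally reject keys it
// does not expect rather than pass them through.
function stripApprovalFields(client: Params): Params {
  const clean: Params = {};
  for (const key of Object.keys(client)) {
    if (APPROVAL_CONTROL_FIELDS.indexOf(key) === -1) clean[key] = client[key];
  }
  return clean;
}

// Hardened pattern: strip first, then let only the gateway's decision populate
// the approval fields. The client cannot influence them in either branch.
function forwardParamsFixed(client: Params, decision: ApprovalDecision): Params {
  const clean = stripApprovalFields(client);
  return decision.approved
    ? { ...clean, approved: true, approvalId: decision.approvalId }
    : clean;
}

// Run one node.invoke through either gateway variant and report whether the
// node host would execute the command.
function simulateInvoke(
  variant: "vulnerable" | "fixed",
  command: string,
  client: Params,
  decision: ApprovalDecision
): boolean {
  const forwarded = variant === "vulnerable"
    ? forwardParamsVulnerable(client, decision)
    : forwardParamsFixed(client, decision);
  return nodeHostWouldExecute(command, forwarded);
}

// Constructed request: an authenticated client asks for system.run and smuggles
// in forged approval fields. The gateway's own flow has NOT approved it.
const forgedRequest: Params = { cmd: "id", approved: true, approvalId: "forged-0001" };
const notApproved: ApprovalDecision = { approved: false };

console.log("vulnerable gateway executes:",
  simulateInvoke("vulnerable", "system.run", forgedRequest, notApproved)); // true
console.log("fixed gateway executes:",
  simulateInvoke("fixed", "system.run", forgedRequest, notApproved));      // false
```

The point of the hardened variant is that approval state never travels in the client-controlled part of the message: the gateway rebuilds the forwarded params from an allow-listed copy and is the sole writer of the approval fields, so a node host can keep trusting what the gateway sends.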
