OpenClaw Approval Integrity Vulnerability in system.run Execution

Vulnerability

A vulnerability in OpenClaw version 2026.3.1 allows an approval-integrity bypass in the node-host execution of the system.run command. The issue arises from the rewriting of command arguments (argv) before execution, which can change what the approved command actually runs. An attacker can exploit this by placing a malicious local script in the working directory, so that unintended code executes even though the operator approved a different command.

Impact

Exploitation of this vulnerability can lead to unauthorized execution of local scripts, allowing attackers to run unintended code under the current user's context.

Reproduction

To reproduce this vulnerability, first place a malicious script in the working directory. Then invoke the system.run command with a wrapper consisting of 'env', 'sh' and the '-c' option, followed by a command that would normally be approved, such as 'echo SAFE'. The argv rewriting changes how the approved text is interpreted, so the local script executes instead of the approved command.

Remediation

Users can upgrade to OpenClaw version 2026.3.2, which addresses this vulnerability by preserving the integrity of approved commands in the system.run execution.

Added: Mar 19, 2026, 2:32 AM
Updated: Mar 19, 2026, 2:32 AM

Vulnerability Rating

Custom Algorithm

  spread           0.0
  impact          10.0
  exploitability   3.5
  remediation      0.0
  relevance        4.4
  threat           4.8
  urgency          2.9
  incentive        0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.