OpenClaw Executable Rebind Vulnerability in System.run Approvals
Vulnerability
A vulnerability exists in OpenClaw versions prior to 2026.3.1, where the application fails to properly bind executable identity for non-path-like argv[0] tokens in system.run approvals. This oversight allows post-approval executable rebind attacks, where an attacker can alter PATH resolution after an approval has been granted, executing a different binary than originally approved by the operator. This flaw enables arbitrary command execution.
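To make the defect and its fix concrete, here is an added Python illustration (not OpenClaw's code): a minimal approval scheme that binds the resolved path and content hash of a bare argv[0] token at approval time and re-checks both before execution, so that a later PATH change no longer redirects the approved command. The names `Approval`, `approve`, `check_before_run` and `demo` are hypothetical, and the scenario in `demo` is constructed in a temporary directory.

```python
import hashlib
import os
import shutil
import tempfile
from dataclasses import dataclass

@dataclass(frozen=True)
class Approval:  # hypothetical record shape, not OpenClaw's
    argv0: str     # token as the operator typed it, e.g. "tool"
    resolved: str  # absolute path the token resolved to at approval time
    digest: str    # sha256 of that file at approval time

def _sha256(path: str) -> str:
    with open(path, "rb") as f:
        return hashlib.sha256(f.read()).hexdigest()

def _resolve(argv0: str, path_env: str) -> str:
    # Path-like tokens name a file directly; bare tokens go through PATH lookup.
    if os.sep in argv0:
        return os.path.realpath(argv0)
    found = shutil.which(argv0, path=path_env)
    if found is None:
        raise FileNotFoundError(argv0)
    return os.path.realpath(found)

def approve(argv0: str, path_env: str) -> Approval:
    # Bind executable identity (path + content hash) now, not just the bare token.
    resolved = _resolve(argv0, path_env)
    return Approval(argv0, resolved, _sha256(resolved))

def check_before_run(approval: Approval, path_env: str) -> bool:
    # Re-resolve with the PATH in effect now; run only if it is still the same file.
    try:
        now = _resolve(approval.argv0, path_env)
    except FileNotFoundError:
        return False
    return now == approval.resolved and _sha256(now) == approval.digest

def demo() -> tuple[bool, bool]:
    # Constructed scenario: approve bare "tool" with PATH=bin, then prepend another
    # directory holding a different "tool" and show the pre-run check now fails.
    with tempfile.TemporaryDirectory() as root:
        bin_dir, other_dir = os.path.join(root, "bin"), os.path.join(root, "other")
        for d, body in ((bin_dir, "#!/bin/sh\necho original\n"),
                        (other_dir, "#!/bin/sh\necho rebound\n")):
            os.makedirs(d)
            with open(os.path.join(d, "tool"), "w") as f:
                f.write(body)
            os.chmod(os.path.join(d, "tool"), 0o755)
        approval = approve("tool", bin_dir)
        return (check_before_run(approval, bin_dir),
                check_before_run(approval, os.pathsep.join([other_dir, bin_dir])))
```

Running `demo()` returns `(True, False)`: the approval still validates under the original PATH but is rejected once a different `tool` shadows it.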
Impact
Exploitation of this vulnerability could lead to unauthorized execution of commands, using a different binary than the one the operator approved.
Remediation
Users can upgrade to OpenClaw version 2026.3.1 or later to address this vulnerability.
