OpenClaw Time-of-Check-Time-of-Use Vulnerability in System.run Execution
Vulnerability
A time-of-check to time-of-use (TOCTOU) vulnerability has been identified in OpenClaw versions prior to 2026.2.25. It affects the approval-bound system.run execution on node hosts. The issue arises because the cwd (current working directory) parameter is validated at the time of approval but resolved again at execution time. An attacker who can retarget a symlinked cwd between the approval and execution stages can therefore bypass the command execution restrictions and run arbitrary commands on node hosts.
Impact
Exploitation of this vulnerability lets an attacker subvert approval-based command execution, potentially leading to unauthorized command execution on node hosts.
Reproduction
To reproduce this vulnerability, create a symlinked directory that points to a valid cwd. During the approval phase the symlink resolves to that permitted location, so the check passes. Once approval is granted, the symlink can be retargeted to a location from which the approved command executes a malicious payload, effectively bypassing the approval process.
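The check-then-resolve race described above, next to one way of closing it, as an added TypeScript illustration that is not OpenClaw's code: the temporary fixture directories, the function names and the device/inode pinning are this example's own assumptions, not the patched project's implementation.

```typescript
import * as fs from "node:fs";
import * as os from "node:os";
import * as path from "node:path";
// Constructed fixture, not OpenClaw code: an approved root, a directory outside
// it, and a symlink "cwd" that initially points at the approved root.
export function makeFixture() {
  const base = fs.mkdtempSync(path.join(os.tmpdir(), "toctou-"));
  const root = path.join(base, "root"), outside = path.join(base, "outside");
  const cwd = path.join(base, "cwd");
  fs.mkdirSync(root); fs.mkdirSync(outside); fs.symlinkSync(root, cwd, "dir");
  return { root, outside, cwd };
}
function isInside(p: string, root: string): boolean {
  const rel = path.relative(fs.realpathSync(root), p);
  return rel === "" || (!rel.startsWith("..") && !path.isAbsolute(rel));
}
// Vulnerable pattern: the resolved cwd is validated at approval time, but only
// the unresolved path is kept, and it is resolved again at execution time.
export function approveVulnerable(cwd: string, root: string): { cwd: string } {
  if (!isInside(fs.realpathSync(cwd), root)) throw new Error("cwd outside root");
  return { cwd };
}
export function executeVulnerable(a: { cwd: string }): string {
  return fs.realpathSync(a.cwd); // follows wherever the link points *now*
}
// Hardened pattern: pin the canonical directory (path plus device/inode) at
// approval; at execution, open that pinned path and verify it is unchanged.
export interface Pinned { realCwd: string; dev: number; ino: number }
export function approvePinned(cwd: string, root: string): Pinned {
  const realCwd = fs.realpathSync(cwd);
  if (!isInside(realCwd, root)) throw new Error("cwd outside root");
  const st = fs.statSync(realCwd); return { realCwd, dev: st.dev, ino: st.ino };
}
export function executePinned(a: Pinned): string {
  const fd = fs.openSync(a.realCwd, fs.constants.O_RDONLY | fs.constants.O_DIRECTORY);
  try {
    const st = fs.fstatSync(fd);
    if (st.dev !== a.dev || st.ino !== a.ino) throw new Error("cwd changed after approval");
    return a.realCwd; // the directory actually checked, safe to hand to the child process
  } finally { fs.closeSync(fd); }
}
// Walk the race: approve while the link is benign, retarget it, then execute.
export function demonstrate() {
  const f = makeFixture();
  const v = approveVulnerable(f.cwd, f.root), p = approvePinned(f.cwd, f.root);
  fs.unlinkSync(f.cwd); fs.symlinkSync(f.outside, f.cwd, "dir"); // the swap
  return { vulnerable: executeVulnerable(v), pinned: executePinned(p),
           root: fs.realpathSync(f.root), outside: fs.realpathSync(f.outside) };
}
```

The vulnerable executor ends up in the retargeted directory while the pinned one stays in the directory that was actually approved; a re-approval after the swap is refused by the same `isInside` check.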
Remediation
Users can update to OpenClaw version 2026.2.25 or later, where this vulnerability has been patched.
