OpenClaw Approval Context-Binding Weakness in System.Run Execution Flows via Host=Node

A context-binding weakness has been identified in OpenClaw versions prior to 2026.2.26. This vulnerability exists within approval-enabled execution flows on the Node host, specifically in the system.run command. The issue allows for the reuse of previously approved requests by modifying environment variables, thereby bypassing execution-integrity controls. Attackers with access to an approval ID can exploit this weakness by introducing altered environmental inputs into the approved requests.

Impact

Exploitation of this vulnerability could lead to a bypass of execution-integrity controls in approval-enabled workflows, allowing for unauthorized manipulation of execution contexts.

Reproduction

To reproduce this vulnerability, an approval-enabled workflow must be set up on a Node host. Once this is established, a request can be approved and then reused with modified environment variables, taking advantage of the lack of strict binding in the execution context.

Remediation

Users can update to OpenClaw version 2026.2.26 or later, where this vulnerability has been addressed.