OpenClaw Approval Bypass Vulnerability in system.run Script Execution
Vulnerability
A vulnerability exists in OpenClaw versions prior to 2026.3.8, allowing an approval bypass in the system.run function. This issue arises because mutable script operands are not properly bound between the approval and execution stages. As a result, an attacker can gain approval for a script to be executed, alter the script file before it is run, and execute different content while keeping the same approved command structure. The vulnerability specifically affects interpreter-style script operands for shell, bun, and deno.
Impact
Exploitation of this vulnerability allows for unauthorized modification of approved script executions, potentially leading to the execution of malicious content under the guise of a legitimate command.
Reproduction
To reproduce this vulnerability, first obtain approval for a script execution whose command includes a mutable operand, such as a script file. After approval is granted, modify the script file so that it contains different content. When the command is executed, the altered script runs, even though the approval was granted only for the original content.
Remediation
Users can update to OpenClaw version 2026.3.8 or later, where this vulnerability has been fixed.
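As an added illustration of the binding the fix restores (this is not OpenClaw's code; the function names, the `Approval` record and the interpreter list are assumptions), the following Python sketch records a digest of each file operand when approval is granted and rejects execution if the file changed in between, contrasting it with a check that compares only the command structure:

```python
import hashlib
import os
import tempfile
from dataclasses import dataclass

# Hypothetical: OpenClaw's real approval API is not shown on the page.
MUTABLE_OPERAND_INTERPRETERS = {"sh", "bash", "bun", "deno"}


@dataclass(frozen=True)
class Approval:
    argv: tuple             # the approved command structure
    operand_digests: tuple  # (path, sha256) per script operand; () when unbound


def _digest(path):
    with open(path, "rb") as fh:
        return hashlib.sha256(fh.read()).hexdigest()


def approve(argv, bind_operands):
    """Record an approval. bind_operands=False mimics the structure-only check."""
    digests = ()
    if bind_operands and argv and os.path.basename(argv[0]) in MUTABLE_OPERAND_INTERPRETERS:
        digests = tuple((p, _digest(p)) for p in argv[1:] if os.path.isfile(p))
    return Approval(tuple(argv), digests)


def is_still_approved(approval, argv):
    """Execution-time check: structure must match AND bound operands must be unchanged."""
    if tuple(argv) != approval.argv:
        return False
    return all(_digest(p) == d for p, d in approval.operand_digests)


def demo():
    """Approve a script, modify it afterwards, and compare both policies."""
    with tempfile.TemporaryDirectory() as tmp:
        script = os.path.join(tmp, "task.sh")
        with open(script, "w") as fh:
            fh.write("echo approved content\n")         # constructed sample script
        argv = ["sh", script]
        weak = approve(argv, bind_operands=False)
        strong = approve(argv, bind_operands=True)
        with open(script, "w") as fh:
            fh.write("echo replaced after approval\n")  # mutation between approval and run
        # Structure-only approval still passes; content-bound approval is refused.
        return is_still_approved(weak, argv), is_still_approved(strong, argv)
```

A digest check still leaves a narrow window between verification and the interpreter reading the file; handing the interpreter the content snapshotted at approval time (for example via stdin or a copy in a private directory) closes it.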
