OpenClaw Improper Process Termination Vulnerability via Unpatched killProcessTree in shell-utils.ts
Vulnerability
A vulnerability exists in OpenClaw versions prior to 2026.3.24, where the !stop chat command improperly terminates processes by using an unpatched killProcessTree function from shell-utils.ts. This function sends a SIGKILL signal immediately, without allowing for a graceful shutdown with SIGTERM. As a result, the !stop command can cause data corruption, resource leaks, and bypass important security-related cleanup tasks.
Impact
Using the !stop command disrupts background processes by sending a SIGKILL signal without prior notification, leading to abrupt termination. This can cause processes to leave tasks incomplete, such as writing data to files or databases, and can result in temporary files or network connections not being properly closed. Additionally, critical security operations, like clearing in-memory sensitive information or finalizing audit logs, are neglected. This vulnerability mirrors the impact of CVE-2026-27486, which aimed to address similar process termination issues.
Reproduction
The vulnerability can be reproduced by using the !stop command in a chat where the OpenClaw bot is active. This command will trigger the unpatched killProcessTree function from shell-utils.ts, sending a SIGKILL to any running background bash processes without allowing them to shut down gracefully. This can be verified by checking for the absence of a 'GRACEFUL_SHUTDOWN' flag, which indicates that the process was not given a chance to terminate properly.
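The difference between the unpatched behaviour (immediate SIGKILL) and the patched one (SIGTERM, then SIGKILL only as a fallback) can be shown in a few lines of Node.js/TypeScript. The block below is an added example and is not OpenClaw's shell-utils.ts or its killProcessTree; the function terminateGracefully, the Killable interface, the FakeProcess test double and the demo child command are all assumptions made here. The demo child traps SIGTERM and prints a GRACEFUL_SHUTDOWN marker, which is the kind of evidence the reproduction step above looks for to tell a graceful stop from a hard kill.

```typescript
// Added example, not OpenClaw's shell-utils.ts: terminate a process with SIGTERM
// first and escalate to SIGKILL only after a grace period has elapsed.
import { spawn } from "node:child_process";

// The subset of ChildProcess that the termination logic needs. Declaring it as an
// interface lets the same logic be exercised against an in-memory test double.
export interface Killable {
  kill(signal: NodeJS.Signals): boolean;
  once(event: "exit", listener: (code: number | null, signal: NodeJS.Signals | null) => void): this;
  exitCode: number | null;
  signalCode: NodeJS.Signals | null;
}

export interface TerminationResult {
  signalsSent: NodeJS.Signals[]; // in the order they were delivered
  forced: boolean;               // true when SIGKILL was needed
}

// SIGTERM gives the child a chance to flush files, close sockets and wipe secrets;
// SIGKILL is sent only if it is still alive after graceMs. Resolves once it exits.
export function terminateGracefully(proc: Killable, graceMs = 5000): Promise<TerminationResult> {
  return new Promise((resolve) => {
    const signalsSent: NodeJS.Signals[] = [];
    // Nothing to do if the process has already been reaped.
    if (proc.exitCode !== null || proc.signalCode !== null) {
      resolve({ signalsSent, forced: false });
      return;
    }
    let escalation: ReturnType<typeof setTimeout> | undefined;
    proc.once("exit", () => {
      if (escalation !== undefined) clearTimeout(escalation);
      resolve({ signalsSent, forced: signalsSent.includes("SIGKILL") });
    });
    signalsSent.push("SIGTERM");
    proc.kill("SIGTERM");
    escalation = setTimeout(() => {
      signalsSent.push("SIGKILL");
      proc.kill("SIGKILL");
    }, graceMs);
  });
}

// Constructed test double standing in for an OS process: it either honours SIGTERM
// or ignores it (like a process stuck in a tight loop); SIGKILL always works.
export class FakeProcess implements Killable {
  exitCode: number | null = null;
  signalCode: NodeJS.Signals | null = null;
  private listeners: Array<(code: number | null, signal: NodeJS.Signals | null) => void> = [];
  constructor(private readonly honoursSigterm: boolean) {}

  kill(signal: NodeJS.Signals): boolean {
    if (signal === "SIGKILL" || (signal === "SIGTERM" && this.honoursSigterm)) {
      setImmediate(() => this.reap(signal)); // the kernel reaps asynchronously
    }
    return true;
  }

  once(_event: "exit", listener: (code: number | null, signal: NodeJS.Signals | null) => void): this {
    this.listeners.push(listener);
    return this;
  }

  private reap(signal: NodeJS.Signals): void {
    this.signalCode = signal;
    const pending = this.listeners;
    this.listeners = [];
    for (const l of pending) l(null, signal);
  }
}

// Real-process demo (assumed command, not from the advisory): the child traps SIGTERM,
// prints a GRACEFUL_SHUTDOWN marker and exits cleanly. Only the single sh process is
// signalled here; a full tree kill would target the process group instead.
export async function demoRealChild(): Promise<{ result: TerminationResult; sawMarker: boolean }> {
  const child = spawn("sh", ["-c", "trap 'echo GRACEFUL_SHUTDOWN; exit 0' TERM; while :; do sleep 1; done"]);
  let output = "";
  child.stdout.on("data", (chunk: Buffer) => { output += chunk.toString(); });
  const closed = new Promise<void>((r) => child.once("close", () => r()));
  await new Promise((r) => setTimeout(r, 100)); // let sh install its trap first
  const result = await terminateGracefully(child, 3000);
  await closed; // stdio may still be draining when 'exit' fires
  return { result, sawMarker: output.includes("GRACEFUL_SHUTDOWN") };
}

demoRealChild().then((r) => console.log(JSON.stringify(r)));
```

Run with a TypeScript runner such as tsx; the demo prints `{"result":{"signalsSent":["SIGTERM"],"forced":false},"sawMarker":true}` when the child handled SIGTERM itself, and `forced:true` with no marker when it had to be killed. The unpatched !stop path corresponds to calling `kill("SIGKILL")` directly, which never gives the trap a chance to run, so the marker never appears.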
Remediation
Users can update to OpenClaw version 2026.3.24 or later, where this vulnerability has been patched.
