OpenClaw OpenShell Arbitrary Code Execution Vulnerability in Mirror Mode

Vulnerability

A vulnerability in OpenClaw's OpenShell feature allows arbitrary code execution in versions prior to 2026.3.28. The issue arises when mirror mode is used: mirror mode can transform untrusted sandbox files into workspace hooks, and those hooks are executed on the host during gateway startup. An attacker with access to mirror mode can exploit this through the activated workspace hooks.

Impact

Exploitation of this vulnerability allows for arbitrary code execution on the host machine.

Reproduction

To reproduce this vulnerability, first ensure that OpenClaw is running a version prior to 2026.3.28 and that mirror mode is enabled. Create a sandbox file that includes a handler script in a directory named 'hooks/evil'. This script should contain code that, when executed, writes a file (e.g., 'pwned') to a temporary location. Once the sandbox file is prepared, upload it to a workspace that has hooks enabled. During gateway startup, the untrusted code from the sandbox file is executed, resulting in arbitrary code execution on the host.

Remediation

Users can upgrade to OpenClaw version 2026.3.28 or later to address this vulnerability.
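
To check existing deployments, the following added example (not OpenClaw code and not part of the original advisory) compares a version string with the fixed release and lists entries under a workspace's hooks/ directory that are missing from a reviewed manifest. The manifest format, the handler.sh file name and all function names are assumptions; only the hooks/<name> layout and the version number come from the advisory.

```python
import hashlib
import os
import tempfile
from pathlib import Path

FIXED_VERSION = (2026, 3, 28)  # first fixed release named in the advisory


def is_affected(version: str) -> bool:
    """True when a purely numeric dotted version such as '2026.3.27' predates the fix."""
    return tuple(int(p) for p in version.split(".")) < FIXED_VERSION


def audit_hooks(workspace: Path, approved: dict) -> list:
    """Return sorted (relative path, reason) pairs for hook entries nobody reviewed.

    approved maps workspace-relative paths to SHA-256 hex digests of reviewed
    content (hypothetical manifest format, not an OpenClaw feature).
    """
    findings = []
    # os.walk does not descend into symlinked directories by default.
    for dirpath, dirnames, filenames in os.walk(workspace / "hooks"):
        for name in dirnames + filenames:
            path = Path(dirpath) / name
            rel = path.relative_to(workspace).as_posix()
            if path.is_symlink():
                findings.append((rel, "symlink"))
            elif path.is_file():
                digest = hashlib.sha256(path.read_bytes()).hexdigest()
                if rel not in approved:
                    findings.append((rel, "unapproved"))
                elif approved[rel] != digest:
                    findings.append((rel, "modified"))
    return sorted(findings)


def demo() -> list:
    """Audit a constructed workspace holding one reviewed and one planted hook."""
    with tempfile.TemporaryDirectory() as tmp:
        ws = Path(tmp)
        # Constructed sample data: file names and contents are illustrative only.
        for hook, body in (("lint", b"echo lint\n"), ("evil", b"echo planted\n")):
            (ws / "hooks" / hook).mkdir(parents=True)
            (ws / "hooks" / hook / "handler.sh").write_bytes(body)
        approved = {"hooks/lint/handler.sh": hashlib.sha256(b"echo lint\n").hexdigest()}
        return audit_hooks(ws, approved)


if __name__ == "__main__":
    print(is_affected("2026.3.27"), demo())
```

Running the audit before gateway startup on hosts that cannot be upgraded immediately surfaces hook files that arrived through mirror mode rather than through review.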

Added: Apr 23, 2026, 10:24 PM
Updated: Apr 23, 2026, 10:24 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 10.0
exploitability: 4.3
remediation: 0.0
relevance: 6.5
threat: 4.8
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.