OpenClaw TOCTOU Vulnerability in Script Validation Allows Workspace Boundary Bypass
Vulnerability
A time-of-check to time-of-use (TOCTOU) vulnerability affects OpenClaw versions prior to 2026.4.10. The issue resides in the 'validateScriptFileForShellBleed' function, which performs the workspace boundary check and the later preflight read as two separate path-based operations. A local attacker with write access to the workspace can swap the target file between the boundary check and the preflight read, so the validator reads a different file identity than the one that originally passed the boundary check.
Impact
Winning the race lets an attacker substitute a file after it has passed the workspace boundary check, so the file the preflight read actually analyzes is not the one that was checked. The impact is limited: the issue does not provide arbitrary file disclosure, but it undermines the boundary check that is meant to gate workspace-local script files before they are executed.
Reproduction
To reproduce the issue, create a script file inside the workspace that the validation function will read. In the window between the boundary check and the preflight read, replace that file with a different one (renaming another file over it or replacing it with a symbolic link are the usual means), so that the preflight analysis reads a file other than the one that was checked. Because the check and the read both go by path rather than by an already-open file, whatever the path names at read time is what gets analyzed.
Remediation
Users are advised to upgrade to OpenClaw version 2026.4.10 or later, as the latest npm release includes the necessary fix.
