CVE-2026-29608

MEDIUM EPSS 3.0%
Published Mar 19, 20263mo ago · Modified Jun 17, 20261w ago
5.4 CVSS 4.0
Medium
Find Similar
Published Mar 19, 2026 3mo ago
Last Modified Jun 17, 2026 1w ago

Description

OpenClaw 2026.3.1 contains an approval integrity vulnerability in system.run node-host execution where argv rewriting changes command semantics. Attackers can place malicious local scripts in the working directory to execute unintended code despite operator approval of different command text.

CVSS Details

Base Score
5.4
Exploitability
Impact
Vector string
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector Local
Attack Complexity High
Privileges Required Low
User Interaction A
Scope X

Threat Intelligence

EPSS Exploit Probability
3.0% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-88

Affected Products 1

VendorProductVersionRange
openclawopenclaw2026.3.1any

References 3

  • github.com https://github.com/openclaw/openclaw/commit/dded569626b0d8e7bdab10b5e7528b6caf73a0f1
    Patch
  • github.com https://github.com/openclaw/openclaw/security/advisories/GHSA-h3rm-6x7g-882f
    Vendor Advisory
  • vulncheck.com https://www.vulncheck.com/advisories/openclaw-approval-integrity-bypass-via-system-run-argv-rewriting
    Third Party Advisory

Remediation

  • github.com https://github.com/openclaw/openclaw/commit/dded569626b0d8e7bdab10b5e7528b6caf73a0f1
    Patch