EUVD-2026-17016
GHSA-qc36-x95h-7j53
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
4Description
OpenClaw before 2026.3.11 contains an approval integrity vulnerability where system.run approvals fail to bind mutable file operands for certain script runners like tsx and jiti. Attackers can obtain approval for benign script commands, rewrite referenced scripts on disk, and execute modified code under the approved run context.
Analysis
Approval bypass in OpenClaw before 2026.3.11 allows low-privileged remote attackers to execute arbitrary code by exploiting race conditions in system.run approvals. Attackers obtain legitimate approval for benign scripts, then overwrite referenced files before execution via vulnerable tsx/jiti runners. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 24 hours: Inventory all OpenClaw deployments and identify versions prior to 2026.3.11; disable or restrict access to the system.run approval feature pending remediation. Within 7 days: Implement compensating controls (see section below); review audit logs for suspicious approval-then-execute patterns or file modification anomalies around script execution. …
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today