EUVD-2026-17018
GHSA-wmgj-hrx3-23gj
CVSS Vector
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
4Tags
Description
OpenClaw before 2026.3.11 contains an approval integrity vulnerability allowing attackers to execute rewritten local code by modifying scripts between approval and execution when exact file binding cannot occur. Remote attackers can change approved local scripts before execution to achieve unintended code execution as the OpenClaw runtime user.
Analysis
Time-of-check-time-of-use (TOCTOU) race condition in OpenClaw runtime (<2026.3.11) allows local authenticated attackers with low privileges to execute arbitrary code by modifying approved scripts between authorization and execution phases. The vulnerability (CWE-367) enables privilege escalation to the OpenClaw runtime user context, requiring user interaction but trivial attack complexity. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 24 hours: Identify all systems running OpenClaw runtime versions before 2026.3.11 and document their business criticality and access control. Within 7 days: Implement strict file permission controls (read-only for approved scripts) and monitor script modification logs; contact OpenClaw vendor for patch ETA and interim guidance. …
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today