What is the CVSS score of EUVD-2026-12738?

EUVD-2026-12738 has a CVSS 3.1 base score of 6.1 (Medium). CVSS vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L. EPSS exploitation probability: 0.0%.

Which versions of Openclaw are affected by EUVD-2026-12738?

CVE-2026-27545 presents moderate security risk rated CVSS 6.1. Exploitation could compromise the security of affected deployments.. A patch is available.

Openclaw EUVD-2026-12738

| CVE-2026-27545 MEDIUM

Time-of-check Time-of-use (TOCTOU) Race Condition (CWE-367)

2026-03-18 VulnCheck

GHSA-f7ww-2725-qvw2

Authentication Bypass Openclaw

6.1

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

High

Availability

Low

Lifecycle Timeline

EUVD ID Assigned

Mar 18, 2026 - 02:30 euvd

EUVD-2026-12738

Analysis Generated

Mar 18, 2026 - 02:30 vuln.today

Patch released

Mar 18, 2026 - 02:30 nvd

Patch available

CVE Published

Mar 18, 2026 - 01:34 nvd

MEDIUM 6.1

Blast Radius

ecosystem impact

† from your stack dependencies † transitive graph · vuln.today resolves 4-path depth

2 npm packages depend on openclaw (2 direct, 0 indirect)

Ecosystem-wide dependent count for version 2026.2.26.

DescriptionNVD

OpenClaw versions prior to 2026.2.26 contain an approval bypass vulnerability in system.run execution that allows attackers to execute commands from unintended filesystem locations by rebinding writable parent symlinks in the current working directory after approval. An attacker can modify mutable parent symlink path components between approval and execution time to redirect command execution to a different location while preserving the visible working directory string.

AnalysisAI

OpenClaw versions prior to 2026.2.26 contain a Time-of-Check-Time-of-Use (TOCTOU) approval bypass vulnerability in the system.run execution function that allows local attackers with low privileges to execute arbitrary commands from unintended filesystem locations. An attacker can exploit a race condition by modifying parent symlinks in the current working directory after command approval but before execution, redirecting execution while maintaining the appearance of a safe working directory. …

RemediationAI

Within 30 days: Identify affected systems and apply vendor patches as part of regular patch cycle. Vendor patch is available.

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

EUVD-2026-12738 vulnerability details – vuln.today

Back