CVSS 3.1 (NVD): 7.2
OpenClaw Node Allows Attackers to Bypass Security Checks
CVE-2026-26325 · GHSA-h3f9-mjwj-w476
Summary
OpenClaw Node's `system.run` handler evaluated the exec allowlist and approval policy against the `rawCommand` string but executed the separately supplied `command[]` argv. In deployments that use the node host execution path with `security=allowlist` and approval prompting on allowlist misses, an attacker who can invoke `system.run` can submit an allowlisted `rawCommand` together with a different `command[]` and have the latter executed with no allowlist check and no approval prompt. Update to version 2026.2.14 or later, which rejects requests whose `rawCommand` and `command[]` disagree and evaluates policy on the argv that actually runs.
What to do
- Update the `openclaw` npm package (published under steipete / openclaw) to version 2026.2.14 or later.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| steipete | openclaw | <= 2026.2.13 | 2026.2.14 |
| openclaw | openclaw | <= 2026.2.13 | 2026.2.14 |
Original title
OpenClaw Node host system.run rawCommand/command mismatch can bypass allowlist/approvals
Original description
## Summary
A mismatch between `rawCommand` and `command[]` in the node host `system.run` handler could cause allowlist/approval evaluation to be performed on one command while executing a different argv.
## Affected Configurations
This only impacts deployments that:
- Use the node host / companion node execution path (`system.run` on a node).
- Enable allowlist-based exec policy (`security=allowlist`) with approval prompting driven by allowlist misses (for example `ask=on-miss`).
- Allow an attacker to invoke `system.run`.
Default/non-node configurations are not affected.
## Impact
In affected configurations, an attacker who can invoke `system.run` can bypass allowlist enforcement and approval prompts by supplying an allowlisted `rawCommand` while providing a different `command[]` argv for execution.
## Affected Packages / Versions
- Package: `openclaw` (npm)
- Affected versions: `<= 2026.2.13`
- Patched version: `>= 2026.2.14` (planned next release)
## Fix
Enforce `rawCommand`/`command[]` consistency (gateway fail-fast + node host validation).
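To make the mismatch concrete, the following is an added JavaScript example, not OpenClaw's code: it models a node-host handler that receives both a display string (`rawCommand`) and the argv to spawn (`command[]`), in the vulnerable shape beside the fixed one. The handler and helper names (`systemRunVulnerable`, `systemRunFixed`, `tokenize`, `decide`), the prefix-matching allowlist semantics and the sample requests are all assumptions chosen to illustrate the advisory; execution is simulated by returning the argv rather than spawning it.

```javascript
// Added example, not OpenClaw's code. All names, the policy semantics and the
// sample allowlist/requests below are hypothetical.

// Constructed sample policy: each entry is an argv prefix the operator pre-approved.
const ALLOWLIST = [["git", "status"], ["ls", "-la"]];

// Minimal shell-style tokenizer (whitespace split, single/double quotes).
// It deliberately does not interpret ; | && etc.: a metacharacter stays inside
// a token, so "git status; rm ..." never equals ["git", "status"].
function tokenize(raw) {
  const argv = [];
  let cur = "";
  let quote = null;
  let inToken = false;
  for (const ch of raw) {
    if (quote !== null) {
      if (ch === quote) quote = null;
      else cur += ch;
    } else if (ch === '"' || ch === "'") {
      quote = ch;
      inToken = true;
    } else if (/\s/.test(ch)) {
      if (inToken) {
        argv.push(cur);
        cur = "";
        inToken = false;
      }
    } else {
      cur += ch;
      inToken = true;
    }
  }
  if (quote !== null) throw new Error("unterminated quote in rawCommand");
  if (inToken) argv.push(cur);
  return argv;
}

function sameArgv(a, b) {
  return a.length === b.length && a.every((tok, i) => tok === b[i]);
}

// Policy decision modelling security=allowlist with ask=on-miss: "allow" when
// some allowlist entry is a prefix of argv, otherwise "ask" (approval prompt).
function decide(argv, allowlist) {
  const hit = allowlist.some(
    (entry) => entry.length <= argv.length && sameArgv(entry, argv.slice(0, entry.length))
  );
  return hit ? "allow" : "ask";
}

// Vulnerable shape: policy is evaluated on rawCommand, but command[] is what
// would be spawned. Nothing ties the two together.
function systemRunVulnerable(params, allowlist) {
  const decision = decide(tokenize(params.rawCommand), allowlist);
  if (decision !== "allow") return { outcome: "approval-required", executed: null };
  return { outcome: "executed", executed: params.command }; // would spawn command[]
}

// Fixed shape: fail fast when rawCommand and command[] disagree, then evaluate
// policy on the argv that is actually executed.
function systemRunFixed(params, allowlist) {
  const fromRaw = tokenize(params.rawCommand);
  if (!sameArgv(fromRaw, params.command)) {
    return { outcome: "rejected", reason: "rawCommand/command mismatch", executed: null };
  }
  const decision = decide(params.command, allowlist);
  if (decision !== "allow") return { outcome: "approval-required", executed: null };
  return { outcome: "executed", executed: params.command };
}

// Constructed requests: a benign one and the bypass attempt the advisory describes.
function demo() {
  const benign = { rawCommand: "git status", command: ["git", "status"] };
  const attack = { rawCommand: "git status", command: ["rm", "-rf", "/tmp/victim"] };
  return {
    vulnerableAttack: systemRunVulnerable(attack, ALLOWLIST), // executes rm without a prompt
    fixedAttack: systemRunFixed(attack, ALLOWLIST),           // rejected before policy runs
    fixedBenign: systemRunFixed(benign, ALLOWLIST),           // still allowed
  };
}

console.log(JSON.stringify(demo(), null, 2));
```

The consistency check runs before the policy decision, so a mismatch is rejected outright rather than prompting the operator, which matches the advisory's "fail-fast" wording; the same function can be applied at the gateway and again on the node host so that neither side trusts the other to have done it.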
## Fix Commit(s)
- cb3290fca32593956638f161d9776266b90ab891
## Release Process Note
This advisory pre-sets the patched version to the planned next release (`2026.2.14`). Once `[email protected]` is published to npm, the advisory can be published without further edits.
Thanks @christos-eth for reporting.
NVD CVSS 3.1: 7.2
Vulnerability type: CWE-284 Improper Access Control
- https://nvd.nist.gov/vuln/detail/CVE-2026-26325
- https://github.com/advisories/GHSA-h3f9-mjwj-w476
- https://github.com/openclaw/openclaw/commit/cb3290fca32593956638f161d9776266b90a... (Patch)
- https://github.com/openclaw/openclaw/releases/tag/v2026.2.14 (Product Release Notes)
- https://github.com/openclaw/openclaw/security/advisories/GHSA-h3f9-mjwj-w476 (Patch, Vendor Advisory)
Published: 17 Feb 2026 · Updated: 11 Mar 2026 · First seen: 6 Mar 2026