CVE-2026-26325
OpenClaw Node host system.run rawCommand/command mismatch can bypass allowlist/approvals
Description
## Summary A mismatch between `rawCommand` and `command[]` in the node host `system.run` handler could cause allowlist/approval evaluation to be performed on one command while executing a different argv. ## Affected Configurations This only impacts deployments that: - Use the node host / companion node execution path (`system.run` on a node). - Enable allowlist-based exec policy (`security=allowlist`) with approval prompting driven by allowlist misses (for example `ask=on-miss`). - Allow an attacker to invoke `system.run`. Default/non-node configurations are not affected. ## Impact In affected configurations, an attacker who can invoke `system.run` can bypass allowlist enforcement and approval prompts by supplying an allowlisted `rawCommand` while providing a different `command[]` argv for execution. ## Affected Packages / Versions - Package: `openclaw` (npm) - Affected versions: `<= 2026.2.13` - Patched version: `>= 2026.2.14` (planned next release) ## Fix Enforce `rawCommand`/`command[]` consistency (gateway fail-fast + node host validation). ## Fix Commit(s) - cb3290fca32593956638f161d9776266b90ab891 ## Release Process Note This advisory pre-sets the patched version to the planned next release (`2026.2.14`). Once `[email protected]` is published to npm, the advisory can be published without further edits. Thanks @christos-eth for reporting.
How to fix CVE-2026-26325
To remediate CVE-2026-26325, upgrade the affected package to a fixed version below.
- —upgrade to 2026.2.14 or later
Is CVE-2026-26325 being exploited?
Low — EPSS is 0.0%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 2026.2.14