CVE-2026-32921
OpenClaw's system.run approvals did not bind mutable script operands across approval and execution
Description
OpenClaw's `system.run` approval flow did not bind mutable interpreter-style script operands across approval and execution. A caller could obtain approval for an execution such as `sh ./script.sh`, rewrite the approved script before execution, and then execute different content under the previously approved command shape. The approved `argv` values remained the same, but the mutable script operand content could drift after approval.

Latest published npm version verified vulnerable: `2026.3.7`

The initial March 7, 2026 fix in `c76d29208bf6a7f058d2cf582519d28069e42240` added approval binding for shell scripts and a narrow interpreter set, but follow-up maintainer review on March 8, 2026 found that `bun` and `deno` script operands still did not produce `mutableFileOperand` snapshots. A complete fix shipped on March 9, 2026 in `cf3a479bd1204f62eef7dd82b4aa328749ae6c91`, which binds approved `bun` and `deno run` script operands to on-disk file snapshots and denies post-approval script drift before execution.

## Affected Packages / Versions
- Package: `openclaw` (npm)
- Affected versions: `<= 2026.3.7`
- Patched version: `2026.3.8`

## Fix Commit(s)
- `c76d29208bf6a7f058d2cf582519d28069e42240`
- `cf3a479bd1204f62eef7dd82b4aa328749ae6c91`

## Release Verification
- npm `2026.3.7` remains vulnerable.
- npm `2026.3.8` contains the completed fix.

Thanks @tdjackey for reporting.
How to fix CVE-2026-32921
To remediate CVE-2026-32921, upgrade the affected package to a fixed version below.
- `openclaw` (npm): upgrade to 2026.3.8 or later
Is CVE-2026-32921 being exploited?
Low — EPSS is 0.1%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- `openclaw` (npm): all versions from 0 up to, but not including, 2026.3.8