CVE-2026-27545

EPSS 0.03%

OpenClaw: Node system.run approval bypass via parent-symlink cwd rebind

發布日:2026/3/2修改日:2026/3/18
也稱為:GHSA-f7ww-2725-qvw2

描述

## Summary For `host=node` executions, approval context could be bypassed after approval-time by rebinding a writable parent symlink in `cwd` while preserving the visible `cwd` string. ## Affected Packages / Versions - Package: `openclaw` (npm) - Affected: `<= 2026.2.25` - Fixed: `>= 2026.2.26` (planned next npm release) ## Impact A command approved for one filesystem location could execute from a different location if a mutable parent symlink changed between approval and execution. ## Fix - Added immutable approval-time plan preparation (`system.run.prepare`) and `systemRunPlanV2` canonical fields (`argv`, `cwd`, `agentId`, `sessionKey`). - Enforced canonical plan values through approval request storage and forwarding-time sanitization. - Rejected mutable parent-symlink path components during approval-plan building to block symlink rebind bypass. - Follow-up refactors centralized command catalogs and approval context/error handling to reduce future drift. ## Fix Commit(s) - `78a7ff2d50fb3bcef351571cb5a0f21430a340c1` - `d82c042b09727a6148f3ca651b254c4a677aff26` - `d06632ba45a8482192792c55d5ff0b2e21abb0a7` - `4e690e09c746408b5e27617a20cb3fdc5190dbda` - `4b4718c8dfce2e2c48404aa5088af7c013bed60b` ## Release Process Note `patched_versions` is pre-set to the planned next release (`2026.2.26`). Once npm `[email protected]` is published, publish this advisory directly without further version-field edits. OpenClaw thanks @tdjackey for reporting.

受影響套件(1)

CVSS 分數

來源版本嚴重程度向量
osvCVSS 4.0CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

參考連結(9)