CVE-2026-29608

MEDIUM 6.7 | EPSS 0.03%

OpenClaw's Node system.run approval hardening wrapper semantic drift can execute unintended local scripts

Published: 2026/3/3 | Modified: 2026/3/19

Description

### Summary

In `openclaw@2026.3.1`, the approval-path hardening for node `system.run` rewrote the argv of wrapper commands in a way that changed execution semantics. A command shown to and approved by the operator as a shell payload (for example `echo SAFE`) could execute a different local script once the wrapper argv had been rewritten.

### Affected Packages / Versions

- Package: `openclaw` (npm)
- Affected: `2026.3.1` (latest published npm version as of March 2, 2026)
- Fixed release: `2026.3.2` (released)

### Technical Details

The root cause was in the node-host approval hardening for `system.run`:

- `src/node-host/invoke-system-run-plan.ts` rewrote `argv[0]` to the resolved executable.
- Wrapper resolution unwrapped dispatch wrappers, so input like `['env','sh','-c','echo SAFE']` resolved to the executable `sh`.
- The approved plan could become `['/bin/sh','sh','-c','echo SAFE']` while the approval text remained `echo SAFE`.

That rewrite changed runtime behavior: `/bin/sh` interprets the extra `sh` positional argument as a script path, so a local `./sh` file in the approved `cwd` is executed instead of the approved payload text.

### Impact

Approval-integrity break in the `host=node` execution flow: the operator-visible command text and the executed behavior could diverge.

Exploit preconditions:

- the attacker can influence the wrapper argv and place a local file in the approved working directory,
- the operator grants approval for the displayed command.

### Fix Commit(s)

- `dded569626b0d8e7bdab10b5e7528b6caf73a0f1`

### Fixed Version

- Patched in `openclaw@2026.3.2`.
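The argv drift above, modelled as an added TypeScript example that is not OpenClaw's code: a buggy rewrite that splices the resolved path into the original argv, a hardened rewrite that builds the plan from the unwrapped argv, and an approval-integrity gate comparing what the shell will run against the approved text. The `RESOLVED` table, the `env VAR=value` handling and the simplified shell model are assumptions for illustration.

```typescript
// Added example, not OpenClaw's code: models the argv rewrite the advisory describes
// and a hardened variant that keeps approval text and executed argv aligned.
type Argv = string[];

// Constructed stand-in for PATH lookup; a real resolver would search PATH entries.
const RESOLVED: Record<string, string> = { sh: "/bin/sh", bash: "/bin/bash" };

// Dispatch wrappers that hand control to the command following them.
const DISPATCH_WRAPPERS = new Set(["env"]);

// Drop leading dispatch wrappers (and env-style VAR=value assignments, an assumption
// about wrapper syntax) to find the command that will actually run.
function unwrap(argv: Argv): Argv {
  let i = 0;
  while (i < argv.length && DISPATCH_WRAPPERS.has(argv[i])) {
    i++;
    while (i < argv.length && /^[A-Za-z_][A-Za-z0-9_]*=/.test(argv[i])) i++;
  }
  return argv.slice(i);
}

// Rewrite as described for 2026.3.1: the unwrapped executable is resolved, but its
// path is spliced into argv[0] of the ORIGINAL argv, so the inner "sh" token survives.
function rewriteBuggy(argv: Argv): Argv {
  const inner = unwrap(argv);
  const exe = RESOLVED[inner[0]] ?? inner[0];
  return [exe, ...argv.slice(1)];
}

// Hardened rewrite: build the plan from the unwrapped argv so no stale wrapper
// token is left for the shell to read as a script path.
function rewriteFixed(argv: Argv): Argv {
  const inner = unwrap(argv);
  const exe = RESOLVED[inner[0]] ?? inner[0];
  return [exe, ...inner.slice(1)];
}

// Simplified model of how a POSIX shell reads its argv: "-c" first means run the
// payload string; otherwise the first operand is opened as a script file in cwd.
function shellInterpretation(argv: Argv): { mode: "payload" | "script"; target: string } {
  if (argv[1] === "-c") return { mode: "payload", target: argv[2] ?? "" };
  return { mode: "script", target: argv[1] ?? "" };
}

// Approval-integrity gate: the payload the shell will run must equal the text the
// operator approved; anything else is the drift this CVE describes.
function approvalMatches(execArgv: Argv, approvedText: string): boolean {
  const run = shellInterpretation(execArgv);
  return run.mode === "payload" && run.target === approvedText;
}
```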

Affected packages (1)

CVSS score

| Source | Version | Severity | Vector |
| --- | --- | --- | --- |
| osv | CVSS 3.1 | MEDIUM 6.7 | CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H |

References (5)