CVE-2026-32058
OpenClaw Node system.run approval context-binding weakness in approval-enabled host=node flows
Severity: LOW 2.6 | EPSS: 0.04%
Description
### Summary

In approval-enabled `host=node` workflows, `system.run` approvals did not always carry a strict, versioned execution-context binding. In uncommon setups that rely on these approvals as an integrity guardrail, a previously approved request could be reused with changed env input.

### Affected Packages / Versions

- Package: npm `openclaw`
- Latest published npm version at triage: `2026.2.25`
- Affected range: `<= 2026.2.25`
- Planned fixed version (next npm release): `2026.2.26`

### Preconditions / Typical Exposure

This requires all of the following:

- `system.run` usage through `host=node`
- Exec approvals enabled and used as an execution-integrity control
- Access to an approval id in the same context

Most default single-operator local setups do not rely on this path, so practical exposure is typically lower.

### Details

Approval matching now uses a required versioned binding (`systemRunBindingV1`) over command argv, cwd, agent/session context, and env hash. The fix:

- Requires `commandArgv` when requesting `host=node` approvals.
- Requires `systemRunBindingV1` when consuming approvals for node `system.run`.
- Removes legacy non-versioned fallback matching and fails closed on missing/mismatched bindings.
- Keeps env mismatch handling explicit and blocks `GIT_EXTERNAL_DIFF` in host env policy.
- Adds/updates regression and contract coverage for mismatch mapping and binding rules.

### Impact

Configuration-dependent approval-integrity weakness in node-host exec approval flows. Severity remains `medium` because exploitation depends on this specific approval mode and context.

### Fix Commit(s)

- `10481097f8e6dd0346db9be0b5f27570e1bdfcfa`

### Release Process Note

`patched_versions` is pre-set to the planned next release (`2026.2.26`) so once npm release `2026.2.26` is published, the advisory can be published without further metadata edits.

OpenClaw thanks @tdjackey for reporting.
Affected packages (1)
- npm/openclaw: from 0, < 2026.2.26
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 4.0 | — | CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N |
| osv | CVSS 3.1 | LOW 2.6 | CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N |
References (5)
- ADVISORY: https://nvd.nist.gov/vuln/detail/CVE-2026-32058
- PATCH: https://github.com/openclaw/openclaw
- WEB: https://github.com/openclaw/openclaw/commit/10481097f8e6dd0346db9be0b5f27570e1bdfcfa
- WEB: https://github.com/openclaw/openclaw/security/advisories/GHSA-hjvp-qhm6-wrh2
- WEB: https://www.vulncheck.com/advisories/openclaw-approval-context-binding-weakness-in-system-run-via-host-node