CVE-2026-32921

Severity: MEDIUM 6.3 | EPSS 0.07%

OpenClaw's system.run approvals did not bind mutable script operands across approval and execution

Published: 2026/3/12 | Modified: 2026/4/6

Description

OpenClaw's `system.run` approval flow did not bind mutable interpreter-style script operands across approval and execution. A caller could obtain approval for an execution such as `sh ./script.sh`, rewrite the approved script before execution, and then execute different content under the previously approved command shape. The approved `argv` values remained the same, but the mutable script operand content could drift after approval: the approval checked the command's arguments, while the interpreter reads the file those arguments point to only at execution time, so comparing `argv` alone cannot detect the change.

Latest published npm version verified vulnerable: `2026.3.7`.

The initial March 7, 2026 fix in `c76d29208bf6a7f058d2cf582519d28069e42240` added approval binding for shell scripts and a narrow interpreter set, but follow-up maintainer review on March 8, 2026 found that `bun` and `deno` script operands still did not produce `mutableFileOperand` snapshots. A complete fix shipped on March 9, 2026 in `cf3a479bd1204f62eef7dd82b4aa328749ae6c91`, which binds approved `bun` and `deno run` script operands to on-disk file snapshots and denies post-approval script drift before execution.

## Affected Packages / Versions

- Package: `openclaw` (npm)
- Affected versions: `<= 2026.3.7`
- Patched version: `2026.3.8`

## Fix Commit(s)

- `c76d29208bf6a7f058d2cf582519d28069e42240`
- `cf3a479bd1204f62eef7dd82b4aa328749ae6c91`

## Release Verification

- npm `2026.3.7` remains vulnerable.
- npm `2026.3.8` contains the completed fix.

Thanks @tdjackey for reporting.
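The binding the fix describes, as an added example that is not OpenClaw's code: at approval time the script-file operands of the command are identified and hashed, and before execution both `argv` and the on-disk content are re-checked, so a script rewritten after approval is denied. The interpreter set, the `-c`/`-e` handling and the function names (`mutableFileOperands`, `approve`, `checkBeforeExec`) are assumptions for this example; the `bun` and `deno run` cases are included because the advisory singles them out. The demo script content is constructed and is never executed.

```typescript
import { createHash } from "node:crypto";
import { readFileSync, writeFileSync, mkdtempSync } from "node:fs";
import { tmpdir } from "node:os";
import { join } from "node:path";

// Interpreters whose first non-flag operand is a script file read at run time.
// Assumed set for this example, not OpenClaw's own list.
const SCRIPT_INTERPRETERS = new Set([
  "sh", "bash", "zsh", "python", "python3", "node", "bun", "deno",
]);

export interface ApprovedCommand {
  argv: string[];
  // script path -> sha256 of its content at approval time
  mutableFileOperands: Record<string, string>;
}

function sha256File(path: string): string {
  return createHash("sha256").update(readFileSync(path)).digest("hex");
}

// Script-file operands of argv: the paths the interpreter will read at exec time.
// Returns [] for non-interpreters and for inline code (`sh -c ...`, `node -e ...`).
export function mutableFileOperands(argv: string[]): string[] {
  if (argv.length < 2) return [];
  const interp = argv[0].split("/").pop() ?? argv[0];
  if (!SCRIPT_INTERPRETERS.has(interp)) return [];
  let rest = argv.slice(1);
  // `bun run file` / `deno run file`: the script follows the subcommand.
  if ((interp === "bun" || interp === "deno") && rest[0] === "run") rest = rest.slice(1);
  for (const a of rest) {
    if (a === "-c" || a === "-e" || a === "--eval" || a === "eval") return []; // inline code, no file
    if (a.startsWith("-")) continue;   // interpreter flag such as --allow-net
    return [a];                        // first non-flag operand is the script
  }
  return [];
}

// Approval: record argv and a content snapshot of every script operand.
export function approve(argv: string[]): ApprovedCommand {
  const snapshots: Record<string, string> = {};
  for (const p of mutableFileOperands(argv)) snapshots[p] = sha256File(p);
  return { argv: [...argv], mutableFileOperands: snapshots };
}

// Execution gate: argv must match exactly and every snapshot must still match the disk.
export function checkBeforeExec(
  approved: ApprovedCommand,
  argv: string[],
): { ok: boolean; reason?: string } {
  if (argv.length !== approved.argv.length || argv.some((a, i) => a !== approved.argv[i])) {
    return { ok: false, reason: "argv differs from approved command" };
  }
  for (const [path, digest] of Object.entries(approved.mutableFileOperands)) {
    let now: string;
    try {
      now = sha256File(path);
    } catch {
      return { ok: false, reason: `script operand ${path} is no longer readable` };
    }
    if (now !== digest) return { ok: false, reason: `script operand ${path} changed after approval` };
  }
  return { ok: true };
}

// Demo of the advisory's scenario: approve `sh ./script.sh`, rewrite the script, try to execute.
// Returns true when the unchanged script passes and the rewritten one is denied.
export function demo(): boolean {
  const dir = mkdtempSync(join(tmpdir(), "approval-bind-"));
  const script = join(dir, "script.sh");
  writeFileSync(script, "#!/bin/sh\necho hello\n");           // constructed script
  const approved = approve(["sh", script]);
  const before = checkBeforeExec(approved, ["sh", script]).ok;
  writeFileSync(script, "#!/bin/sh\necho drifted\n");         // post-approval rewrite
  const after = checkBeforeExec(approved, ["sh", script]).ok;
  return before && !after;
}
```

The check hashes the file again at execution rather than comparing mtime or size, since both are trivially preserved by an attacker who controls the file; a path that becomes unreadable between approval and execution is also treated as drift rather than silently passed.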

Affected packages (1)

CVSS score

| Source | Version | Severity | Vector |
|--------|---------|----------|--------|
| osv | CVSS 3.1 | MEDIUM 6.3 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L |

References (6)