CVE-2026-32979
OpenClaw: Unbound interpreter and runtime commands could bypass node-host approval integrity
Severity: HIGH 7.3 | EPSS: 0.05%
Description
## Summary

In affected versions of `openclaw`, node-host `system.run` approvals could still execute rewritten local code for interpreter and runtime commands when OpenClaw could not bind exactly one concrete local file operand during approval planning.

## Impact

Deployments using node-host `system.run` approval mode could approve a benign local script and then execute different local code if that script changed before execution. This can lead to unintended local code execution as the OpenClaw runtime user.

## Affected Packages and Versions

- Package: `openclaw` (npm)
- Affected versions: `<= 2026.3.8`
- Fixed in: `2026.3.11`

## Technical Details

The approval flow treated some interpreter and runtime forms as approval-backed even when it could not honestly bind a single direct local script file. That left residual approval-integrity gaps for runtime forms outside the directly bound file set.

## Fix

OpenClaw now fails closed for approval-backed interpreter and runtime commands unless it can bind exactly one concrete local file operand, and it extends best-effort direct-file binding for additional runtime forms. The fix shipped in `openclaw@2026.3.11`.

## Workarounds

Upgrade to `2026.3.11` or later.
Affected packages (1)
- npm/openclaw: from 0, < 2026.3.11
CVSS score
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH 7.3 | CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H |
References (5)
- ADVISORY: https://nvd.nist.gov/vuln/detail/CVE-2026-32979
- PATCH: https://github.com/openclaw/openclaw
- WEB: https://github.com/openclaw/openclaw/releases/tag/v2026.3.11
- WEB: https://github.com/openclaw/openclaw/security/advisories/GHSA-xf99-j42q-5w5p
- WEB: https://www.vulncheck.com/advisories/openclaw-unbound-interpreter-and-runtime-commands-bypass-in-node-host-approval