CVE-2026-29608 in OpenClaw

Summary

by MITRE • 03/19/2026

OpenClaw 2026.3.1 contains an approval integrity vulnerability in system.run node-host execution where argv rewriting changes command semantics. Attackers can place malicious local scripts in the working directory to execute unintended code despite operator approval of different command text.


Analysis

by VulDB Data Team • 03/23/2026

The vulnerability identified as CVE-2026-29608 resides in OpenClaw 2026.3.1, specifically in the system.run node-host execution functionality. It is a critical approval integrity flaw that undermines the security assumptions of the command execution verification process. The system is designed to validate and approve commands before execution, yet this vulnerability lets an attacker circumvent those controls by manipulating the argument vector between approval and execution.

The technical flaw manifests through argv rewriting that alters command semantics during execution. When an operator approves a command through the system.run node, the approval process validates the command text but does not account for subsequent modifications to the argument vector. The approval system therefore accepts one command while the actual execution operates on a modified version that can run unintended code. The vulnerability exploits the gap between the approval validation phase and the execution phase, allowing command substitution attacks.

The operational impact extends beyond simple code execution, because it compromises the trust model of the system's command approval mechanism. Attackers can place malicious local scripts in the working directory and use the argv rewriting behaviour to execute those scripts with the privileges and context of the approved command. This creates a persistent threat vector in which attackers can establish footholds, escalate privileges, or execute arbitrary code without triggering the security alerts that the approval system would normally generate.

The vulnerability aligns with CWE-284 Access Control Issues, specifically addressing inadequate access control mechanisms that allow unauthorized privilege escalation through command execution manipulation. It also relates to CWE-78 Improper Neutralization of Special Elements used in an OS Command, as the system fails to properly sanitize or validate command arguments that undergo rewriting. From an ATT&CK framework perspective, this vulnerability maps to T1059 Command and Scripting Interpreter and T1566 Phishing, as it enables attackers to execute malicious payloads through legitimate approval processes while maintaining operational security.

Mitigation strategies should focus on implementing strict argument validation and sanitization before command execution, eliminating the possibility of argv rewriting that alters command semantics. Organizations should deploy comprehensive input validation mechanisms that ensure the approved command text matches exactly with the executed command. Additionally, implementing privilege separation between approval and execution phases, along with monitoring for unexpected script execution in working directories, would significantly reduce the attack surface. The system should also enforce strict path resolution and binary execution verification to prevent execution of unauthorized scripts regardless of their location in the filesystem.

Responsible: VulnCheck

Reservation: 03/04/2026

Disclosure: 03/19/2026

Moderation: accepted

CPE: ready

EPSS: 0.00025

KEV: no

Activities: very low

Sources
