CVE-2026-31997 in OpenClaw
Summary
by MITRE • 03/19/2026
OpenClaw versions prior to 2026.3.1 fail to pin executable identity for non-path-like argv[0] tokens in system.run approvals, allowing post-approval executable rebind attacks. Attackers can modify PATH resolution after approval to execute a different binary than the operator approved, enabling arbitrary command execution.
Analysis
by VulDB Data Team • 03/23/2026
CVE-2026-31997 affects OpenClaw versions prior to 2026.3.1 and is a critical flaw in the system.run approval mechanism that undermines its controls over which executables may run. The weakness lies in how the system handles non-path-like argv[0] tokens during approval, which leaves a window in which attackers can manipulate the execution flow after approval has been granted. It stems from insufficient validation of executable identity during the approval phase, which allows rebind attacks that bypass the intended security controls.
The flaw sits in the system.run approval framework, which fails to establish a persistent binding between the approved executable and its actual identity. When a user or process requests execution of a command, the system approves based on the argv[0] token but does not keep a strong cryptographic or hash-based reference to the specific executable file that was approved. An attacker can therefore modify the PATH environment variable or manipulate the filesystem between the approval decision and the actual execution, causing the system to resolve and execute a different binary than the one originally approved. The vulnerability falls under CWE-284 Access Control Issues: an access control mechanism that should prevent unauthorized execution of binaries does not do so.
The operational impact extends beyond simple privilege escalation to full arbitrary command execution for attackers who understand the timing window and PATH manipulation techniques. An attacker first obtains approval for a legitimate system command, then modifies the environment or filesystem to redirect execution to a malicious binary, either one with the same name or a differently named one that the system resolves to through PATH manipulation. This attack vector allows persistent backdoor installation, privilege escalation, and complete system compromise. The vulnerability aligns with ATT&CK technique T1059 Command and Scripting Interpreter, where attackers use the approved execution context to run malicious payloads, and with T1068 Exploitation for Privilege Escalation when combined with other attack vectors.
Mitigating CVE-2026-31997 requires strong executable identity pinning that binds approval decisions to specific file hashes or cryptographic signatures rather than relying solely on path-based resolution. Organizations should upgrade to OpenClaw version 2026.3.1 or later, where the system.run approval process includes mandatory file integrity verification and persistent identity binding. Additional defensive measures include enforcing strict controls on the PATH environment variable, applying read-only filesystem protections to critical system directories, and deploying process monitoring that can detect unauthorized PATH modifications. The fix should incorporate proper input validation and ensure that all executable references are resolved against a trusted baseline, rather than allowing dynamic PATH resolution after an approval decision has been made, which closes the rebind window that enables this vulnerability.
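The identity pinning described above can be illustrated with a short sketch. This is an added example, not OpenClaw's code: the function names, the `tool` executable and the two directories are hypothetical, and it contrasts re-resolving an approved name against the current PATH with pinning the resolved path and its SHA-256 at approval time.

```python
import hashlib, os, shutil, tempfile

def sha256_file(path):
    with open(path, "rb") as f:
        return hashlib.sha256(f.read()).hexdigest()

def approve(argv0, path_env):
    """Approval time: resolve the bare name once and pin path + content hash."""
    found = shutil.which(argv0, path=path_env)
    if found is None:
        raise FileNotFoundError(argv0)
    real = os.path.realpath(found)
    return {"argv0": argv0, "path": real, "sha256": sha256_file(real)}

def resolve_unpinned(approval, path_env):
    """Weak pattern: re-resolve the approved name against whatever PATH is now."""
    return shutil.which(approval["argv0"], path=path_env)

def resolve_pinned(approval, path_env):
    """Hardened pattern: ignore PATH, use the pinned path, refuse changed contents."""
    if sha256_file(approval["path"]) != approval["sha256"]:
        raise PermissionError("executable differs from the one approved")
    return approval["path"]

def make_tool(directory, body):
    # Constructed sample executable named "tool" (hypothetical).
    os.mkdir(directory)
    path = os.path.join(directory, "tool")
    with open(path, "w") as f:
        f.write(body)
    os.chmod(path, 0o755)

def demo():
    root = tempfile.mkdtemp()  # constructed sandbox; nothing outside it is touched
    approved_dir = os.path.join(root, "approved_dir")
    prepended_dir = os.path.join(root, "prepended_dir")
    make_tool(approved_dir, "#!/bin/sh\necho approved\n")
    make_tool(prepended_dir, "#!/bin/sh\necho different\n")
    approval = approve("tool", approved_dir)
    later_path = prepended_dir + os.pathsep + approved_dir  # PATH after approval
    result = {"approved": approval["path"], "tamper_rejected": False,
              "unpinned": os.path.realpath(resolve_unpinned(approval, later_path)),
              "pinned": resolve_pinned(approval, later_path)}
    with open(approval["path"], "a") as f:  # in-place change of the approved file
        f.write("echo changed\n")
    try:
        resolve_pinned(approval, later_path)
    except PermissionError:
        result["tamper_rejected"] = True
    shutil.rmtree(root)
    return result
```

Calling `demo()` returns the three resolved paths and whether the in-place change was rejected. A hash check followed by an exec on the same path still leaves a small window of its own, which executing from an already opened file descriptor avoids on platforms that support it.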