PT-2026-25103 · Npm · Openclaw
Published 2026-03-02 · Updated 2026-03-02
CVSS v4.0: 2.3 (Low)
| Vector | AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N |
Summary
In the macOS companion app (currently beta), a parsing mismatch in exec approvals could let shell-chain payloads pass allowlist checks in system.run under specific settings.

Impact
This path requires all of the following:
- authenticated caller with operator.write
- paired macOS beta node host
- exec approvals set to security=allowlist and ask=on-miss

Under those conditions, a shell-chain command could be approved from an incomplete command view and then executed on the paired macOS host.
Default Install Status
Default installs are not affected.
Affected Packages / Versions
- Package: openclaw (npm)
- Affected: <= 2026.2.21-2
- Patched (planned next release): >= 2026.2.22
Technical Details
The fix hardens macOS allowlist resolution by evaluating shell chains per segment and failing closed on unsafe shell-substitution parsing in allowlist mode.
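As an added illustration (not OpenClaw's code and not the advisory's actual fix), the evaluation strategy the sentence above describes: the command line is split into shell-chain segments, every segment's executable must be on the allowlist, and input the parser cannot reason about safely (command or process substitution, unterminated quotes) is denied rather than approved. The sample allowlist, the splitting rules and the function names are assumptions. For contrast, `firstExecutableOnlyCheck` shows the weakness class in the advisory: a check that inspects only the leading command approves a chain from an incomplete view.

```typescript
// Added example, not OpenClaw's code: per-segment allowlist evaluation that
// fails closed on anything this small parser cannot safely interpret.

// Constructed sample allowlist of executables an operator has approved.
const SAMPLE_ALLOWLIST: ReadonlySet<string> = new Set(["ls", "pwd", "git"]);

interface Verdict {
  allowed: boolean;
  reason: string;
  segments: string[];
}

// Shell constructs that expand into commands the allowlist never saw.
// In allowlist mode we do not attempt to parse them; their presence denies.
const UNSAFE_SUBSTITUTION = /\$\(|`|<\(|>\(/;

// Split a command line on chain/pipe operators (&&, ||, |, &, ;, newline)
// while keeping quoted strings intact. Returns null on an unterminated quote.
function splitShellChain(command: string): string[] | null {
  const segments: string[] = [];
  let current = "";
  let quote: string | null = null;

  for (let i = 0; i < command.length; i++) {
    const ch = command[i];
    const next = command[i + 1];

    if (quote !== null) {
      current += ch;
      if (ch === quote) quote = null;
      continue;
    }
    if (ch === '"' || ch === "'") {
      quote = ch;
      current += ch;
      continue;
    }
    if (ch === "&" || ch === "|") {
      if (next === ch) i++; // consume the second character of && or ||
      segments.push(current);
      current = "";
      continue;
    }
    if (ch === ";" || ch === "\n") {
      segments.push(current);
      current = "";
      continue;
    }
    current += ch;
  }
  if (quote !== null) return null;
  segments.push(current);
  return segments.map((s) => s.trim()).filter((s) => s.length > 0);
}

// Executable of one segment: first whitespace-delimited token, basename only,
// so "/bin/ls" and "ls" resolve to the same allowlist entry.
function executableOf(segment: string): string {
  const token = segment.trim().split(/\s+/)[0] ?? "";
  return token.substring(token.lastIndexOf("/") + 1);
}

// Hardened evaluation: every segment must be allowlisted; unparseable input denies.
function evaluateExecRequest(command: string, allowlist: ReadonlySet<string>): Verdict {
  if (UNSAFE_SUBSTITUTION.test(command)) {
    return { allowed: false, reason: "shell substitution present; failing closed", segments: [] };
  }
  const segments = splitShellChain(command);
  if (segments === null) {
    return { allowed: false, reason: "unterminated quote; failing closed", segments: [] };
  }
  if (segments.length === 0) {
    return { allowed: false, reason: "empty command", segments };
  }
  for (const segment of segments) {
    const exe = executableOf(segment);
    if (!allowlist.has(exe)) {
      return {
        allowed: false,
        reason: `segment "${segment}" runs non-allowlisted executable "${exe}"`,
        segments,
      };
    }
  }
  return { allowed: true, reason: "all segments allowlisted", segments };
}

// Illustration of the weakness class: a check that only looks at the leading
// executable approves a chain whose later segments it never examined.
function firstExecutableOnlyCheck(command: string, allowlist: ReadonlySet<string>): boolean {
  return allowlist.has(executableOf(command));
}
```

The deny branches return a reason string so an approval prompt can show the operator the exact segment that was refused instead of a truncated command view; a production implementation would also handle redirections, subshell grouping and here-documents, which this parser simply does not attempt.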
Product Status Note
The affected macOS companion app path is currently in beta.
Fix Commit(s)
5da03e622119fa012285cdb590fcf4264c965cb5
e371da38aab99521c4e076cd3d95fd775e00b784
Release Process Note
Patched versions are pre-set to the planned next npm release (2026.2.22), so once that version is published this advisory can be published without additional metadata edits.

OpenClaw thanks @tdjackey for reporting.
Fix
Incomplete List of Disallowed Inputs
Improper Authorization
Related identifiers
Affected products
Openclaw