PT-2026-25121 · Npm · Openclaw

Publicado

2026-03-02

·

Atualizado

2026-03-02

CVSS v4.0

6.9

Média

VetorAV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

Summary

OpenClaw exec approvals could be bypassed in allowlist mode when allow-always was granted through unrecognized multiplexer shell wrappers (notably busybox sh -c and toybox sh -c).

Affected Packages / Versions

  • Package: openclaw (npm)
  • Affected: <= 2026.2.22-2
  • Latest published vulnerable version at triage time: 2026.2.22-2 (checked on February 24, 2026)
  • Fixed on main: yes
  • Patched release: 2026.2.23

Details

Wrapper analysis treated busybox/toybox invocations as non-wrapper commands in this path, so allow-always persisted the wrapper binary path instead of the inner executable. That allowed later arbitrary payloads under the same multiplexer wrapper to satisfy the stored allowlist rule.
The fix hardens wrapper detection and persistence behavior for these multiplexer shell applets so approvals bind to intended inner executables and fail closed when unwrap safety is uncertain.

Fix Commit(s)

  • a67689a7e3ad494b6637c76235a664322d526f9e

Release Process Note

patched versions is pre-set to the released version (2026.2.23). This advisory now reflects released fix version 2026.2.23.
OpenClaw thanks @jiseoung for reporting.

Correção

Incomplete List of Disallowed Inputs

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-184

Identificadores relacionados

GHSA-GWQP-86Q6-W47G

Produtos afetados

Openclaw