PT-2026-25122 · Npm · Openclaw

Publicado

2026-03-02

·

Atualizado

2026-03-02

CVSS v3.1

2.6

Baixa

VetorAV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N

Summary

In approval-enabled host=node workflows, system.run approvals did not always carry a strict, versioned execution-context binding. In uncommon setups that rely on these approvals as an integrity guardrail, a previously approved request could be reused with changed env input.

Affected Packages / Versions

  • Package: npm openclaw
  • Latest published npm version at triage: 2026.2.25
  • Affected range: <= 2026.2.25
  • Planned fixed version (next npm release): 2026.2.26

Preconditions / Typical Exposure

This requires all of the following:
  • system.run usage through host=node
  • Exec approvals enabled and used as an execution-integrity control
  • Access to an approval id in the same context
Most default single-operator local setups do not rely on this path, so practical exposure is typically lower.

Details

Approval matching now uses a required versioned binding (systemRunBindingV1) over command argv, cwd, agent/session context, and env hash.
The fix:
  • Requires commandArgv when requesting host=node approvals.
  • Requires systemRunBindingV1 when consuming approvals for node system.run.
  • Removes legacy non-versioned fallback matching and fails closed on missing/mismatched bindings.
  • Keeps env mismatch handling explicit and blocks GIT EXTERNAL DIFF in host env policy.
  • Adds/updates regression and contract coverage for mismatch mapping and binding rules.

Impact

Configuration-dependent approval-integrity weakness in node-host exec approval flows. Severity remains medium because exploitation depends on this specific approval mode and context.

Fix Commit(s)

  • 10481097f8e6dd0346db9be0b5f27570e1bdfcfa

Release Process Note

patched versions is pre-set to the planned next release (2026.2.26) so once npm release 2026.2.26 is published, the advisory can be published without further metadata edits.
OpenClaw thanks @tdjackey for reporting.

Correção

Incorrect Authorization

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-15CWE-863

Identificadores relacionados

GHSA-HJVP-QHM6-WRH2

Produtos afetados

Openclaw