PT-2026-25430 · Npm · Openclaw
Publicado
2026-03-03
·
Atualizado
2026-03-03
CVSS v3.1
5.7
Média
| Vetor | AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H |
Summary
In
openclaw<=2026.2.23, safe-bin trust in allowlist mode relied on static default trusted directories that included package-manager paths (notably /opt/homebrew/bin and /usr/local/bin).
When a same-name binary (for example jq) is placed in one of those trusted default directories, safe-bin evaluation can be satisfied and execute the attacker-controlled binary.Impact
This is an exec allowlist
safeBins policy bypass that can lead to command execution in the OpenClaw runtime context.
Severity is set to Medium given the required ability to write into trusted host binary directories.Affected Packages / Versions
- Package:
openclaw(npm) - Vulnerable versions:
<= 2026.2.23 - Patched versions:
>= 2026.2.24(planned next npm release) - Latest published npm version at triage time (2026-02-24):
2026.2.23
Root Cause
- Default safe-bin trusted directories included package-manager/user-managed paths.
- Trust decision was directory-membership only for resolved executable paths.
Remediation
- Restrict default safe-bin trusted directories to immutable system paths:
/bin,/usr/bin. - Require explicit operator opt-in for package-manager/user paths via
tools.exec.safeBinTrustedDirs.
Fix Commit(s)
b67e600bff696ff2ed9b470826590c0ce6b3bb0a
Release Process Note
patched versions is pre-set to the planned next release (2026.2.24).
Once npm release 2026.2.24 is published, this advisory should be ready for publish without additional version edits.OpenClaw thanks @tdjackey for reporting.
Publication Update (2026-02-25)
openclaw@2026.2.24 is published on npm and contains the fix commit(s) listed above. This advisory now marks >= 2026.2.24 as patched.Correção
Untrusted Search Path
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Identificadores relacionados
Produtos afetados
Openclaw