PT-2026-25479 · Npm · Openclaw

Publicado

2026-03-03

·

Atualizado

2026-03-03

CVSS v4.0

6.9

Média

VetorAV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

Summary

In openclaw allowlist mode, tools.exec.safeBins trusted PATH-derived directories for safe-bin resolution. A same-name binary placed in a trusted PATH directory could satisfy safe-bin checks and execute.

Impact

This is an allowlist bypass in exec policy that can lead to command execution in the OpenClaw runtime context when allowlist mode relies on safe bins and an attacker can influence trusted binary locations.

Affected Packages / Versions

  • Package: openclaw (npm)
  • Vulnerable versions: <= 2026.2.21-2
  • Patched versions: >= 2026.2.22 (planned next release)
  • Latest published npm version at triage time (2026-02-22): 2026.2.21-2

Root Cause

  • Safe-bin trust accepted PATH-derived directories instead of explicit trusted directories.
  • Safe-bin execution used shell command tokens that could resolve to shadowed binaries.

Remediation

  • Stop trusting PATH-derived directories for safe-bin trust.
  • Add explicit tools.exec.safeBinTrustedDirs for opt-in extra trusted paths.
  • Pin safe-bin shell execution to resolved absolute executable paths.

Fix Commit(s)

  • 64b273a71cf0b2f2419c974832cede1fc2158729

Release Process Note

patched versions is pre-set to the planned next release (2026.2.22). After npm release, this advisory is ready for publish without additional field edits.
OpenClaw thanks @tdjackey for reporting.

Correção

Untrusted Search Path

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-426

Identificadores relacionados

GHSA-QHRR-GRQP-6X2G

Produtos afetados

Openclaw