PT-2026-32063 · Npm · Openclaw

Publicado

2026-03-31

·

Atualizado

2026-03-31

CVSS v3.1

7.3

Alta

VetorAV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Summary

Allow-always persistence did not unwrap /usr/bin/script and similar wrappers to the actual executed target before storing trust decisions.

Impact

A user approval for one wrapped command could persist trust for a wrapper binary that later executed a different underlying program.

Affected Component

src/infra/dispatch-wrapper-resolution.ts, src/infra/exec-wrapper-resolution.ts

Fixed Versions

  • Affected: <= 2026.3.24
  • Patched: >= 2026.3.28
  • Latest stable 2026.3.28 contains the fix.

Fix

Fixed by commit 83da3cfe31 (infra: unwrap script wrapper approval targets).

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-385

Identificadores relacionados

GHSA-6PFC-6M7W-M8FX

Produtos afetados

Openclaw