PT-2026-33577 · npm · OpenClaw
Published: 2026-04-07 · Updated: 2026-04-07
CVSS v3.1: 7.3 (High)
| Vector | AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H |
Summary
Before OpenClaw 2026.3.31, exec allowlist matching could treat shell init-file wrapper invocations as if the approved script itself were being executed. Shell options such as --rcfile, --init-file, and --startup-file could therefore inherit allowlist trust from a matched script path even though the shell loaded attacker-chosen initialization first.
Impact
This issue only applied when exec allowlist or allow-always behavior was enabled and the attacker could steer a shell-wrapper command shape that used init-file options. The result was a narrower allowlist bypass, not generic arbitrary command execution from an untrusted boundary.
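The matching flaw described above, as an added TypeScript example that is not OpenClaw's code: a simplified pre-fix matcher that trusts any argv token equal to an allowlisted path, beside a hardened matcher that refuses to let a shell wrapper inherit that trust. The function names, the shell list, the allowlist entry `/opt/tools/backup.sh` and the path `/tmp/untrusted.rc` are all constructed for this example.

```typescript
// Added example (not OpenClaw's code): an exec allowlist matcher that refuses to let a
// shell wrapper inherit trust from an approved script when the shell is given an
// init-file option. Function and variable names are hypothetical.

const SHELL_BINARIES = new Set(["sh", "bash", "zsh"]);

// The init-file options named in the advisory; matched with and without "=value".
const INIT_FILE_OPTIONS = new Set(["--rcfile", "--init-file", "--startup-file"]);

interface Decision {
  allowed: boolean;
  reason: string;
}

function basename(path: string): string {
  const i = path.lastIndexOf("/");
  return i === -1 ? path : path.slice(i + 1);
}

// "--init-file=/x" -> "--init-file"; "--rcfile" -> "--rcfile"
function optionName(arg: string): string {
  const eq = arg.indexOf("=");
  return eq === -1 ? arg : arg.slice(0, eq);
}

// Pre-fix shape of the bug (simplified): any argv token that equals an allowlisted
// script path grants trust, regardless of what the shell loads before running it.
function matchAllowlistNaive(argv: string[], allowlist: Set<string>): Decision {
  const hit = argv.find((a) => allowlist.has(a));
  return hit !== undefined
    ? { allowed: true, reason: `matched allowlisted path ${hit}` }
    : { allowed: false, reason: "no allowlisted path in command" };
}

// Hardened matcher. For a shell wrapper it (1) rejects the named init-file options
// outright, (2) rejects any other option placed before the script, so trust only
// flows through the bare "shell /approved/script.sh [args...]" form, and
// (3) requires the script itself to be allowlisted. Step (2) is stricter than the
// advisory's fix and is this example's own choice.
function matchAllowlistHardened(argv: string[], allowlist: Set<string>): Decision {
  if (argv.length === 0) {
    return { allowed: false, reason: "empty command" };
  }
  const cmd = argv[0];
  const args = argv.slice(1);

  if (!SHELL_BINARIES.has(basename(cmd))) {
    return allowlist.has(cmd)
      ? { allowed: true, reason: `direct allowlisted command ${cmd}` }
      : { allowed: false, reason: `command ${cmd} not allowlisted` };
  }

  for (const arg of args) {
    const name = optionName(arg);
    if (INIT_FILE_OPTIONS.has(name)) {
      return { allowed: false, reason: `shell init-file option ${name} rejected` };
    }
  }

  if (args.length === 0) {
    return { allowed: false, reason: "shell invoked without a script" };
  }
  const script = args[0];
  if (script.startsWith("-")) {
    return { allowed: false, reason: `shell option ${script} before script rejected` };
  }
  return allowlist.has(script)
    ? { allowed: true, reason: `allowlisted script ${script} via ${basename(cmd)}` }
    : { allowed: false, reason: `script ${script} not allowlisted` };
}

// Constructed sample allowlist and command shapes (not from the advisory).
const SAMPLE_ALLOWLIST = new Set(["/opt/tools/backup.sh"]);
const SAMPLE_COMMANDS: string[][] = [
  ["/opt/tools/backup.sh"],
  ["bash", "/opt/tools/backup.sh", "--dry-run"],
  ["bash", "--rcfile", "/tmp/untrusted.rc", "/opt/tools/backup.sh"],
  ["bash", "--init-file=/tmp/untrusted.rc", "/opt/tools/backup.sh"],
];

for (const argv of SAMPLE_COMMANDS) {
  const naive = matchAllowlistNaive(argv, SAMPLE_ALLOWLIST);
  const hardened = matchAllowlistHardened(argv, SAMPLE_ALLOWLIST);
  console.log(`${argv.join(" ")}\n  naive: ${naive.allowed} (${naive.reason})\n  hardened: ${hardened.allowed} (${hardened.reason})`);
}
```

The hardened matcher does not stop at the three option names the advisory lists: a denylist of shell flags is exactly the "incomplete list of disallowed inputs" weakness this advisory is classified under, so the example also refuses any option that precedes the script and only grants trust to the bare wrapper form. Anything the shell could load or evaluate before the approved script runs is then outside the trusted shape by construction.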
Affected Packages / Versions
- Package: openclaw (npm)
- Affected versions: < 2026.3.31
- Patched versions: >= 2026.3.31
- Latest published npm version: 2026.4.1
Fix Commit(s)
0c8375424620e12777ef24c162eedc7e9fcfd7e3: reject shell init-file script matches
Release Process Note
The fix shipped in OpenClaw 2026.3.31 on March 31, 2026. The current published npm release 2026.4.1 from April 1, 2026 also contains the fix.
Thanks @cyjhhh for reporting.
Fix
Incomplete List of Disallowed Inputs
Weakness Enumeration
Related identifiers
Affected products
OpenClaw