PT-2026-25103 · Npm · Openclaw

Published: 2026-03-02 · Updated: 2026-03-02

CVSS v4.0: 2.3 (Low)

Vector: AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N

Summary

In the macOS companion app (currently beta), a parsing mismatch in exec approvals could let shell-chain payloads pass allowlist checks in system.run under specific settings.

Impact

This path requires all of the following:
  • authenticated caller with operator.write
  • paired macOS beta node host
  • exec approvals set to security=allowlist and ask=on-miss
Under those conditions, a shell-chain command could be approved from an incomplete command view and then executed on the paired macOS host.

Default Install Status

Default installs are not affected.

Affected Packages / Versions

  • Package: openclaw (npm)
  • Affected: <= 2026.2.21-2
  • Patched (planned next release): >= 2026.2.22

Technical Details

The fix hardens macOS allowlist resolution by evaluating shell chains per segment and failing closed on unsafe shell-substitution parsing in allowlist mode.
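The two properties the fix description names, evaluating a shell chain one segment at a time and failing closed when a segment contains shell substitution, are illustrated below in an added example. This is not OpenClaw's code: the project's real resolver, its tokenizer and its option names are not on this page and are assumed here, the tokenizer deliberately ignores shell quoting, and the sample commands and allowlist are constructed for the demonstration.

```javascript
// Added example, not OpenClaw's code. Assumptions: no quoting support in the
// tokenizer; the allowlist holds bare program names matched against argv[0].

// Splits a command string on shell chain operators: '&&', '||', ';', '|', '&', newline.
// Two-character operators are checked first so '||' is not read as two pipes.
function splitShellChain(command) {
  const segments = [];
  let current = '';
  for (let i = 0; i < command.length; i++) {
    const two = command.slice(i, i + 2);
    const one = command[i];
    if (two === '&&' || two === '||') {
      segments.push(current);
      current = '';
      i++; // skip the second operator character
      continue;
    }
    if (one === ';' || one === '|' || one === '&' || one === '\n') {
      segments.push(current);
      current = '';
      continue;
    }
    current += one;
  }
  segments.push(current);
  return segments.map((s) => s.trim()).filter((s) => s.length > 0);
}

// Constructs that would need a full shell parser to evaluate with confidence:
// command substitution $(...) and backticks, process substitution <(...) / >(...).
function hasShellSubstitution(segment) {
  return /\$\(|`|<\(|>\(/.test(segment);
}

// Resolves a whole command against the allowlist, segment by segment.
// Returns { decision: 'allow' | 'deny' | 'ask', reason, segments }.
// askOnMiss models an "ask on miss" setting: an unlisted segment goes to the
// approval prompt instead of being denied outright.
function resolveAllowlist(command, allowlist, { askOnMiss = true } = {}) {
  const segments = splitShellChain(command);
  if (segments.length === 0) {
    return { decision: 'deny', reason: 'empty command', segments };
  }
  for (const seg of segments) {
    if (hasShellSubstitution(seg)) {
      // Fail closed: a segment the parser cannot evaluate safely is denied rather
      // than forwarded to a prompt that would show an incomplete command view.
      return { decision: 'deny', reason: `unsafe shell substitution in segment: ${seg}`, segments };
    }
    const argv0 = seg.split(/\s+/)[0];
    if (!allowlist.includes(argv0)) {
      return {
        decision: askOnMiss ? 'ask' : 'deny',
        reason: `segment not in allowlist: ${seg}`,
        segments,
      };
    }
  }
  return { decision: 'allow', reason: 'every segment matched the allowlist', segments };
}

// Contrast: a resolver that only looks at argv[0] of the whole string. This is the
// "incomplete command view" failure mode, shown only to make the difference visible.
function naiveResolve(command, allowlist) {
  const argv0 = command.trim().split(/\s+/)[0];
  return allowlist.includes(argv0) ? 'allow' : 'ask';
}

// Constructed sample input: a chain whose first segment is allowlisted and whose
// second is not. The naive view approves it; the per-segment view sends it to 'ask'.
const SAMPLE_ALLOWLIST = ['ls', 'wc'];
const SAMPLE_CHAIN = 'ls -la && cat /etc/hostname';
const naiveDecision = naiveResolve(SAMPLE_CHAIN, SAMPLE_ALLOWLIST);
const segmentDecision = resolveAllowlist(SAMPLE_CHAIN, SAMPLE_ALLOWLIST).decision;
console.log(`naive: ${naiveDecision}, per-segment: ${segmentDecision}`);
```

The design choice worth noting is the asymmetry: an unlisted segment may still reach the operator for a decision, but a segment with substitution never does, because the prompt could not show the operator what would actually run.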

Product Status Note

The affected macOS companion app path is currently in beta.

Fix Commit(s)

  • 5da03e622119fa012285cdb590fcf4264c965cb5
  • e371da38aab99521c4e076cd3d95fd775e00b784

Release Process Note

The patched version is pre-set to the planned next npm release (2026.2.22) so that, once that version is published, this advisory can be published without additional metadata edits.
OpenClaw thanks @tdjackey for reporting.

Weakness Enumeration

  • Improper Authorization
  • Incomplete List of Disallowed Inputs

Related Identifiers

GHSA-5F9P-F3W2-FWCH

Affected Products

Openclaw