PT-2026-25122 · Npm · Openclaw

Published

2026-03-02

·

Updated

2026-03-02

CVSS v3.1

2.6

Low

VectorAV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N

Summary

In approval-enabled host=node workflows, system.run approvals did not always carry a strict, versioned execution-context binding. In uncommon setups that rely on these approvals as an integrity guardrail, a previously approved request could be reused with changed env input.

Affected Packages / Versions

  • Package: npm openclaw
  • Latest published npm version at triage: 2026.2.25
  • Affected range: <= 2026.2.25
  • Planned fixed version (next npm release): 2026.2.26

Preconditions / Typical Exposure

This requires all of the following:
  • system.run usage through host=node
  • Exec approvals enabled and used as an execution-integrity control
  • Access to an approval id in the same context
Most default single-operator local setups do not rely on this path, so practical exposure is typically lower.

Details

Approval matching now uses a required versioned binding (systemRunBindingV1) over command argv, cwd, agent/session context, and env hash.
The fix:
  • Requires commandArgv when requesting host=node approvals.
  • Requires systemRunBindingV1 when consuming approvals for node system.run.
  • Removes legacy non-versioned fallback matching and fails closed on missing/mismatched bindings.
  • Keeps env mismatch handling explicit and blocks GIT EXTERNAL DIFF in host env policy.
  • Adds/updates regression and contract coverage for mismatch mapping and binding rules.

Impact

Configuration-dependent approval-integrity weakness in node-host exec approval flows. Severity remains medium because exploitation depends on this specific approval mode and context.

Fix Commit(s)

  • 10481097f8e6dd0346db9be0b5f27570e1bdfcfa

Release Process Note

patched versions is pre-set to the planned next release (2026.2.26) so once npm release 2026.2.26 is published, the advisory can be published without further metadata edits.
OpenClaw thanks @tdjackey for reporting.

Fix

Incorrect Authorization

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-863CWE-15

Related Identifiers

GHSA-HJVP-QHM6-WRH2

Affected Products

Openclaw