PT-2026-25468 — OS Command Injection in Npm Openclaw

PT-2026-25468 · Npm · Openclaw

Published

2026-03-03

Updated

2026-03-03

CVSS v4.0

7.1

High

Vector

AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

Summary

system.run exec allowlist analysis treated wrapper binaries as the effective executable and did not fully unwrap env/shell-dispatch wrappers.

This allowed wrapper-smuggled payloads (for example env bash -lc ...) to satisfy an allowlist entry for the wrapper while executing non-allowlisted commands.

Impact

On affected versions, an actor who can trigger system.run requests under an allowlist policy could bypass intended allowlist restrictions by routing execution through wrapper binaries.

Affected Packages / Versions

Package: openclaw (npm)
Affected: <= 2026.2.21-2
Patched in next release: 2026.2.22 (pre-set below so publish can happen immediately after npm release)

Fix Commit(s)

2b63592be57782c8946e521bc81286933f0f99c7

Release Process Note

patched versions is pre-set to the planned next release (>= 2026.2.22).

After npm 2026.2.22 is published, this advisory can be published directly without further metadata edits.

OpenClaw thanks @tdjackey for reporting.

Fix

OS Command Injection

Incorrect Authorization

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-78CWE-863

Related Identifiers

GHSA-JJ82-76V6-933R

Affected Products

Openclaw