PT-2026-26227 · Openclaw · Openclaw

Tdjackey · Published 2026-02-23 · Updated 2026-04-01 · CVE-2026-29607

CVSS v2.0: 8.3 (High)
Vector: AV:N/AC:L/Au:M/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: OpenClaw versions prior to 2026.2.22 (OpenClaw versions 2026.2.21-2 and earlier).

Description: The software contains an authorization bypass in the allow-always wrapper persistence feature. It lets an attacker bypass approval checks because approval persists a wrapper-level allowlist entry instead of validating the execution the user actually intended to allow, which can lead to remote code execution on gateway and node-host execution flows. Specifically, approving a wrapped system.run command with allow-always in security=allowlist mode could persist a wrapper-level allowlist entry, so subsequent invocations of different inner payloads through the same wrapper run without a further approval check. The root cause is that allow-always persistence was keyed on wrapper-level resolution rather than on the stable inner executable intent. Affected paths include the gateway and node-host execution approval persistence flows.

Recommendations: Upgrade to version 2026.2.22. As an alternative, run the software with a stricter execution policy (ask=always or security=deny) until upgraded.
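As an added illustration of the root cause (a hypothetical Python model written for this entry, not OpenClaw's code), the policy below persists an allow-always decision either on the wrapper-level resolution or on the resolved inner executable; the set of shell wrappers and the `<shell> -c '<inner>'` convention are assumptions.

```python
import shlex

# Hypothetical model, not OpenClaw's code. Assumption: wrappers are shells
# invoked as `<shell> -c '<inner command>'`.
SHELL_WRAPPERS = {"sh", "bash", "zsh", "dash"}

def inner_executable(argv):
    """Resolve the executable the user is really approving: unwraps
    `sh -c '<inner>'` recursively (`bash -c "sh -c 'git x'"` -> `git`) and
    returns None when intent cannot be determined (bare `sh` reading stdin,
    empty -c string, unbalanced quotes)."""
    if not argv:
        return None
    if argv[0] in SHELL_WRAPPERS:
        if len(argv) < 3 or argv[1] != "-c":
            return None
        try:
            return inner_executable(shlex.split(argv[2]))
        except ValueError:  # unbalanced quotes: refuse to guess
            return None
    return argv[0]


class ApprovalPolicy:
    """security=allowlist approval store that persists allow-always decisions.
    key_on_wrapper=True models the weak behaviour: entries are keyed on the
    wrapper-level resolution (argv[0] as launched), so allow-always on
    `sh -c 'git status'` also approves any later `sh -c '...'` payload.
    key_on_wrapper=False keys on the stable inner executable intent."""

    def __init__(self, key_on_wrapper):
        self.key_on_wrapper = key_on_wrapper
        self.allowlist = set()

    def _key(self, argv):
        if self.key_on_wrapper:
            return argv[0] if argv else None
        return inner_executable(argv)

    def allow_always(self, argv):
        """Persist the approval; an unresolvable intent is never persisted."""
        key = self._key(argv)
        if key is not None:
            self.allowlist.add(key)

    def is_approved(self, argv):
        """True if argv would run without a fresh approval prompt."""
        key = self._key(argv)
        return key is not None and key in self.allowlist
```

With the weak keying, one allow-always on `sh -c 'git status'` silently approves every later `sh -c` request; with intent keying, only the inner `git` executable is persisted and a different inner payload still prompts.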

Fix

Weakness Enumeration

OS Command Injection
Incorrect Authorization

Related Identifiers

BDU:2026-05016
CVE-2026-29607
GHSA-6J27-PC5C-M8W8
GHSA-PFV5-RPCW-X34X

Affected Products

Openclaw