PT-2026-26228 · Openclaw · Openclaw

Tdjackey · Published 2026-03-02 · Updated 2026-03-21 · CVE-2026-29608

CVSS v3.1: 6.7 (Medium)
Vector: AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: OpenClaw version 2026.3.1

Description: The software contains an approval-integrity issue in node-host execution, where rewriting command arguments changes how the command is executed. An attacker can place malicious local scripts in the working directory to execute unintended code even if the operator approved a different command. The root cause is in src/node-host/invoke-system-run-plan.ts, where argv[0] is rewritten to the resolved executable. This can cause the command text shown to the operator to diverge from the actual behaviour of the executed command. Specifically, input like ['env','sh','-c','echo SAFE'] could resolve to ['/bin/sh','sh','-c','echo SAFE'], causing /bin/sh to interpret the extra sh as a script path and execute a local ./sh file from the approved current working directory instead of the approved payload text. The vulnerable function lives in invoke-system-run-plan.ts.
Recommendations: Update to OpenClaw version 2026.3.2 to resolve this issue.
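The divergence described above, as an added example that is not OpenClaw's code: a TypeScript check that rejects a run plan whose executed argv no longer matches the operator-approved argv, and a planner that keeps argv intact by carrying the resolved path out-of-band (the split Node's child_process.spawn(file, args, { argv0 }) accepts). The two argv values are the advisory's own; the resolver table is a constructed stand-in for a PATH lookup, and all function names are this example's, not the project's.

```typescript
// Added example, not OpenClaw's code: detecting and avoiding the argv[0]
// rewrite divergence described in CVE-2026-29608.

// Constructed from the advisory's own example: what the operator approved, and
// what the rewritten plan would hand to the process.
const APPROVED_ARGV = ["env", "sh", "-c", "echo SAFE"];
const REWRITTEN_ARGV = ["/bin/sh", "sh", "-c", "echo SAFE"];

interface IntegrityReport {
  ok: boolean;
  reason?: string;
}

// POSIX-style path helpers so the block needs no imports.
function isAbsolutePath(p: string): boolean {
  return p.startsWith("/");
}
function baseName(p: string): string {
  return p.slice(p.lastIndexOf("/") + 1);
}

// A rewrite of argv[0] is acceptable only when it resolves the *same* program
// name to an absolute path and leaves every other argument untouched; anything
// else means the process parses a different argument vector than the one the
// operator saw and approved.
function checkArgvIntegrity(approved: string[], executed: string[]): IntegrityReport {
  if (approved.length === 0 || executed.length === 0) {
    return { ok: false, reason: "empty argv" };
  }
  if (approved.length !== executed.length) {
    return { ok: false, reason: `argument count changed (${approved.length} -> ${executed.length})` };
  }
  for (let i = 1; i < approved.length; i++) {
    if (approved[i] !== executed[i]) {
      return { ok: false, reason: `argv[${i}] changed: ${approved[i]} -> ${executed[i]}` };
    }
  }
  const a0 = approved[0];
  const e0 = executed[0];
  if (a0 === e0) return { ok: true };
  if (isAbsolutePath(e0) && baseName(e0) === baseName(a0)) return { ok: true };
  return { ok: false, reason: `argv[0] now names a different program: ${a0} -> ${e0}` };
}

// Hardened planning: argv stays exactly what was approved, and the resolved
// path travels separately. Node's spawn(file, args, { argv0 }) takes exactly
// this split, so executing by full path never requires rewriting argv.
interface SpawnSpec {
  file: string;   // resolved path that will actually be executed
  args: string[]; // argv[1..], unchanged from the approved command
  argv0: string;  // argv[0] as the process sees it, also unchanged
}

function planSafely(approved: string[], resolve: (name: string) => string): SpawnSpec {
  if (approved.length === 0) throw new Error("refusing to plan an empty command");
  const spec: SpawnSpec = { file: resolve(approved[0]), args: approved.slice(1), argv0: approved[0] };
  // Enforce the invariant before anything executes: displayed argv == executed argv.
  const report = checkArgvIntegrity(approved, [spec.argv0, ...spec.args]);
  if (!report.ok) throw new Error(`refusing to run: ${report.reason}`);
  return spec;
}

// Hypothetical resolver standing in for a PATH lookup so the example runs offline.
const FAKE_PATH: Record<string, string> = { env: "/usr/bin/env", sh: "/bin/sh" };
function fakeResolve(name: string): string {
  return FAKE_PATH[name] ?? name;
}

// Demonstration on the advisory's values.
const report = checkArgvIntegrity(APPROVED_ARGV, REWRITTEN_ARGV);
console.log(report); // ok: false, reason: "argv[0] now names a different program: env -> /bin/sh"
console.log(planSafely(APPROVED_ARGV, fakeResolve)); // file "/usr/bin/env", argv0 "env", args unchanged
```

The check is deliberately strict about argument count: the advisory's rewrite keeps the count at four but changes which program argv[0] names, while a rewrite that inserted the resolved path in front of the original argv would fail the count test instead. Either way the plan is refused before a shell gets the chance to treat a stray positional word as a script path.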

Fix

Weakness Enumeration: Argument Injection

Related Identifiers:
BDU:2026-05015
CVE-2026-29608
GHSA-G87J-GM7P-6VW2
GHSA-H3RM-6X7G-882F

Affected Products: Openclaw