PT-2026-31977 · Openclaw · Openclaw
Edward-X
·
Published
2026-04-10
·
Updated
2026-04-10
·
CVE-2026-35666
CVSS v3.1
8.8
High
| AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
OpenClaw before 2026.3.22 contains an allowlist bypass vulnerability in system.run approvals that fails to unwrap /usr/bin/time wrappers. Attackers can bypass executable binding restrictions by using an unregistered time wrapper to reuse approval state for inner commands.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Openclaw