PT-2026-31978 · Openclaw · Openclaw

Edward-X

·

Published

2026-03-30

·

Updated

2026-04-10

·

CVE-2026-35667

CVSS v3.1

6.1

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
Name of the Vulnerable Software and Affected Versions: OpenClaw versions prior to 2026.3.24
Description: OpenClaw versions before 2026.3.24 contain an incomplete fix for CVE-2026-27486. The !stop chat command still calls the unpatched killProcessTree function from shell-utils.ts, which sends SIGKILL to the process tree immediately instead of sending SIGTERM first and allowing a grace period for an orderly shutdown. Because SIGKILL cannot be caught or handled, the target's shutdown handlers never run, which can lead to data corruption, resource leaks, and skipped security-sensitive cleanup operations. The vulnerable function is located in src/agents/shell-utils.ts (lines 170-192) and is called by the !stop command handler in src/auto-reply/reply/bash-command.ts (lines 300-304). The issue arises because the !stop command handler imports the unpatched function instead of the corrected version in src/process/kill-tree.ts. A proof-of-concept demonstrates that the vulnerable function bypasses the graceful shutdown sequence and sends SIGKILL directly. This can affect any process managed by OpenClaw that is writing to files or databases, or performing security-sensitive operations, at the moment !stop is issued.
Recommendations: Update to OpenClaw version 2026.3.24 or later. When verifying the update, confirm that the !stop handler in src/auto-reply/reply/bash-command.ts no longer imports killProcessTree from src/agents/shell-utils.ts.
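The two kill strategies contrasted in the description, as an added example written for this page; it is not OpenClaw's code and does not reproduce the real signature of killProcessTree in either shell-utils.ts or kill-tree.ts. The Killable interface, the function names killImmediately, killGracefully, processGroupTarget and scriptedTarget, the default 2000 ms grace period, and the child script in demo are all assumptions made for illustration. The scripted target is a constructed stand-in for a process tree; the demo at the bottom uses a real detached Node child so the difference in cleanup behaviour can be observed.

```typescript
// Added example (not OpenClaw code): immediate SIGKILL versus SIGTERM-then-SIGKILL.
import { spawn, type ChildProcess } from "node:child_process";
import { existsSync, unlinkSync } from "node:fs";
import { tmpdir } from "node:os";
import { join } from "node:path";

export type Signal = "SIGTERM" | "SIGKILL";

// Minimal view of a process (or process group), assumed for this example, so the
// escalation policy can be exercised against a fake target and a real child alike.
export interface Killable {
  sendSignal(sig: Signal): void;
  isAlive(): boolean;
}

export interface KillResult {
  signalsSent: Signal[]; // signals in the order they were delivered
  forced: boolean;       // true when SIGKILL had to be used
}

const sleep = (ms: number) => new Promise<void>((r) => setTimeout(r, ms));

// The vulnerable shape: SIGKILL straight away. SIGKILL cannot be caught, so no
// handler in the target runs and open files, locks and cleanup are abandoned.
export function killImmediately(target: Killable): KillResult {
  target.sendSignal("SIGKILL");
  return { signalsSent: ["SIGKILL"], forced: true };
}

// The hardened shape: SIGTERM first, poll for exit during a grace period, and
// escalate to SIGKILL only if the target is still alive at the deadline.
export async function killGracefully(
  target: Killable,
  graceMs = 2000, // assumed default; tune to the longest expected cleanup
  pollMs = 50,
): Promise<KillResult> {
  const signalsSent: Signal[] = ["SIGTERM"];
  target.sendSignal("SIGTERM");
  const deadline = Date.now() + graceMs;
  while (target.isAlive() && Date.now() < deadline) {
    await sleep(pollMs);
  }
  if (target.isAlive()) {
    target.sendSignal("SIGKILL");
    signalsSent.push("SIGKILL");
  }
  return { signalsSent, forced: signalsSent.includes("SIGKILL") };
}

// Constructed stand-in for a process tree: records the signals it receives and
// either honours SIGTERM (well-behaved tool) or ignores it (hung or stubborn tool).
export function scriptedTarget(honoursTerm: boolean): { target: Killable; received: Signal[] } {
  const received: Signal[] = [];
  let alive = true;
  const target: Killable = {
    sendSignal(sig) {
      received.push(sig);
      if (sig === "SIGKILL" || (sig === "SIGTERM" && honoursTerm)) alive = false;
    },
    isAlive: () => alive,
  };
  return { target, received };
}

// Adapter for a real detached child (POSIX): signals go to its whole process
// group via the negative pid, and liveness is probed with signal 0 on the group.
export function processGroupTarget(child: ChildProcess): Killable {
  const pgid = -child.pid!;
  return {
    sendSignal: (sig) => { try { process.kill(pgid, sig); } catch { /* already gone */ } },
    isAlive: () => { try { process.kill(pgid, 0); return true; } catch { return false; } },
  };
}

// Demo: a child that traps SIGTERM, writes a marker file as its "cleanup", then
// exits. Returns whether the cleanup ran: false under SIGKILL, true when graceful.
export async function demo(graceful: boolean): Promise<boolean> {
  const marker = join(tmpdir(), `cleanup-${process.pid}-${graceful}`);
  if (existsSync(marker)) unlinkSync(marker);
  const script = `process.on('SIGTERM', () => { require('fs').writeFileSync(${JSON.stringify(marker)}, 'ok'); process.exit(0); }); setInterval(() => {}, 1000);`;
  const child = spawn(process.execPath, ["-e", script], { detached: true, stdio: "ignore" });
  await sleep(300); // let the child install its SIGTERM handler
  const target = processGroupTarget(child);
  if (graceful) await killGracefully(target); else killImmediately(target);
  await sleep(200); // let the marker write, if any, reach the filesystem
  const cleanedUp = existsSync(marker);
  if (cleanedUp) unlinkSync(marker);
  return cleanedUp;
}

if (typeof require !== "undefined" && require.main === module) {
  demo(false).then((a) => demo(true).then((b) =>
    console.log(`cleanup ran under SIGKILL: ${a}; under graceful shutdown: ${b}`)));
}
```

The grace period is the security-relevant knob: too short and a legitimately slow cleanup is cut off exactly as in the vulnerable path; unbounded and a command that ignores SIGTERM can never be stopped. Polling the process group with signal 0 rather than only watching the root child matters for a process tree, since grandchildren can outlive the process that spawned them.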

Fix

Weakness Enumeration

Improper Resource Release

Related Identifiers

CVE-2026-35667
GHSA-3298-56P6-RPW2

Affected Products

Openclaw