Description
OpenClaw is a personal AI assistant. In versions 2026.2.13 and below of the OpenClaw CLI, the process cleanup uses system-wide process enumeration and pattern matching to terminate processes without verifying if they are owned by the current OpenClaw process. On shared hosts, unrelated processes can be terminated if they match the pattern. The CLI runner cleanup helpers can kill processes matched by command-line patterns without validating process ownership. This issue has been fixed in version 2026.2.14.
References (4)
Core 4
Core References
Vendor Advisory x_refsource_confirm
https://github.com/openclaw/openclaw/security/advisories/GHSA-jfv4-h8mc-jcp8
Patch x_refsource_misc
https://github.com/openclaw/openclaw/commit/6084d13b956119e3cf95daaf9a1cae1670ea3557
Patch x_refsource_misc
https://github.com/openclaw/openclaw/commit/eb60e2e1b213740c3c587a7ba4dbf10da620ca66
Release Notes x_refsource_misc
https://github.com/openclaw/openclaw/releases/tag/v2026.2.14
Scores
CVSS v3
5.3
EPSS
0.0029
EPSS Percentile
20.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-283
Status
published
Products (2)
npm/openclaw
0 - 2026.2.14npm
openclaw/openclaw
< 2026.2.14
Published
Feb 21, 2026
Tracked Since
Feb 21, 2026