CVE-2026-27545

MEDIUM

OpenClaw < 2026.2.26 - Approval Bypass via Parent Symlink Current Working Directory Rebind

Title source: cna

Description

OpenClaw versions prior to 2026.2.26 contain an approval bypass vulnerability in system.run execution that allows attackers to execute commands from unintended filesystem locations by rebinding writable parent symlinks in the current working directory after approval. An attacker can modify mutable parent symlink path components between approval and execution time to redirect command execution to a different location while preserving the visible working directory string.

References (7)

[Third Party Advisory] https://github.com/openclaw/openclaw/security/advisories/GHSA-f7ww-2725-qvw2

[Patch] https://github.com/openclaw/openclaw/commit/78a7ff2d50fb3bcef351571cb5a0f21430a340c1

[Patch] https://github.com/openclaw/openclaw/commit/d82c042b09727a6148f3ca651b254c4a677aff26

[Patch] https://github.com/openclaw/openclaw/commit/d06632ba45a8482192792c55d5ff0b2e21abb0a7

[Patch] https://github.com/openclaw/openclaw/commit/4e690e09c746408b5e27617a20cb3fdc5190dbda

[Patch] https://github.com/openclaw/openclaw/commit/4b4718c8dfce2e2c48404aa5088af7c013bed60b

View Patch ZIP pw:eip

[Third Party Advisory] https://www.vulncheck.com/advisories/openclaw-approval-bypass-via-parent-symlink-current-working-directory-rebind

Scores

CVSS v3 6.1

EPSS 0.0003

EPSS Percentile 8.2%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L

Details

CWE

CWE-367

Status published

Products (3)

npm/openclaw 0 - 2026.2.26npm

OpenClaw/OpenClaw < 2026.2.26

openclaw/openclaw < 2026.2.26

Published Mar 18, 2026

Tracked Since Mar 18, 2026