Listen to this Post
How the mentioned CVE works:
The vulnerability resides in the queueing mechanism for node actions. When a node action is initially queued, the system validates it against the then‑active command policy—specifically the allowlist and declared command set. However, that validation is not re‑performed when the action is later delivered for execution. If an administrator tightens the policy (e.g., removes a command from the allowlist or revokes a node’s declared capabilities) after an action has been queued but before it is processed, the queued action still executes using the stale, pre‑tightening permissions. This creates a window where policy restrictions can be bypassed. Attackers who can influence the queue (e.g., by scheduling actions before policy changes) may execute commands that should have been blocked. The flaw stems from a missing revalidation step in the delivery logic, which the fix addresses by checking the current allowlist and declared command set at the moment of execution. The issue affects all versions before the fixed release v2026.3.22, where the queue delivery logic now includes the necessary runtime policy checks.
dailycve form:
Platform: openclaw npm package
Version: before 2026.3.22
Vulnerability: command policy bypass
Severity: medium
date: 2026-03-26
Prediction: already patched (2026.3.22)
What Undercode Say:
Check installed version of openclaw npm list openclaw Verify fix commit presence git log --oneline | grep ec2c6d83b9f5f91d6d9094842e0f19b88e63e3e2 Simulate a queued action bypass (pre‑patch behavior) 1. Queue a node action while command X is allowed 2. Remove command X from allowlist 3. Observe that queued action still executes X
Exploit:
An attacker with the ability to create queued node actions (e.g., via API or scheduled tasks) can pre‑load actions while permissions are permissive. After a policy tightening that would normally block those actions, the queued tasks execute unchanged, effectively persisting the old policy.
Protection from this CVE:
Upgrade to openclaw v2026.3.22 or later. If immediate upgrade is not possible, avoid queuing actions during policy transitions or manually clear the action queue before applying policy changes. Monitor logs for execution of commands that should have been revoked.
Impact:
Unauthorized command execution beyond the intended policy. A compromised or malicious actor could leverage stale queued actions to run commands that were explicitly removed from allowlists, undermining security controls and potentially leading to further system compromise.
🎯Let’s Practice Exploiting & Learn Patching For Free:
Sources:
Reported By: github.com
Extra Source Hub:
Undercode

