OpenClaw (npm), Exec Approval Bypass, CVE-2026-XXXX (Medium)

Listen to this Post

The vulnerability arises from how OpenClaw handled `allow-always` execution approvals for wrapped binaries. When a command is invoked via /usr/bin/time, the system did not unwrap this wrapper to inspect the actual inner executable. This allowed an unregistered `time` wrapper to bypass the normal executable binding process. The approval state, intended for a specific binary, would be incorrectly reused for the inner command. An attacker could exploit this by placing a malicious wrapper named `time` in the PATH, tricking the system into approving its execution without proper authorization. The flaw existed because the approval logic lacked a step to resolve the final binary path through common wrappers like time. This effectively nullified the security of `allow-always` rules, as the approval context was not tied to the actual target program. The fix ensures that `time` wrappers are recursively resolved to their underlying command, binding the approval to the final executable rather than the wrapper.
Platform: OpenClaw (npm)
Version: < 2026.3.22
Vulnerability: Exec approval bypass
Severity: Medium
date: 2026-03-26

Prediction: Patch expected 2026.03.22

What Undercode Say:

Check vulnerable version
npm list openclaw | grep -E "2026.3.(1[0-9]|2[0-1])"
Verify fix applied in source
grep -A5 "/usr/bin/time" src/infra/dispatch-wrapper-resolution.ts
Regression test for the bypass
npm test -- -t "time-wrapper allow-always approval bypasses"

Exploit:

1. Create malicious `time` wrapper in user PATH.

2. Set `allow-always` approval for a trusted command.

3. Invoke target via `time `.

  1. Approval binds to time, bypassing inner command check.

Protection:

  • Upgrade to OpenClaw >= 2026.3.22.
  • Avoid `allow-always` rules for critical paths.
  • Monitor for new `time` binaries in non-standard locations.

Impact:

  • Unauthorized command execution.
  • Bypass of approval-based security controls.
  • Privilege escalation in constrained environments.

🎯Let’s Practice Exploiting & Learn Patching For Free:

Sources:

Reported By: github.com
Extra Source Hub:
Undercode

🔐JOIN OUR CYBER WORLD [ CVE News • HackMonitor • UndercodeNews ]

💬 Whatsapp | 💬 Telegram

📢 Follow DailyCVE & Stay Tuned:

𝕏 formerly Twitter 🐦 | @ Threads | 🔗 Linkedin Featured Image

Scroll to Top