Listen to this Post
The vulnerability arises from how OpenClaw handled `allow-always` execution approvals for wrapped binaries. When a command is invoked via /usr/bin/time, the system did not unwrap this wrapper to inspect the actual inner executable. This allowed an unregistered `time` wrapper to bypass the normal executable binding process. The approval state, intended for a specific binary, would be incorrectly reused for the inner command. An attacker could exploit this by placing a malicious wrapper named `time` in the PATH, tricking the system into approving its execution without proper authorization. The flaw existed because the approval logic lacked a step to resolve the final binary path through common wrappers like time. This effectively nullified the security of `allow-always` rules, as the approval context was not tied to the actual target program. The fix ensures that `time` wrappers are recursively resolved to their underlying command, binding the approval to the final executable rather than the wrapper.
Platform: OpenClaw (npm)
Version: < 2026.3.22
Vulnerability: Exec approval bypass
Severity: Medium
date: 2026-03-26
Prediction: Patch expected 2026.03.22
What Undercode Say:
Check vulnerable version npm list openclaw | grep -E "2026.3.(1[0-9]|2[0-1])" Verify fix applied in source grep -A5 "/usr/bin/time" src/infra/dispatch-wrapper-resolution.ts Regression test for the bypass npm test -- -t "time-wrapper allow-always approval bypasses"
Exploit:
1. Create malicious `time` wrapper in user PATH.
2. Set `allow-always` approval for a trusted command.
3. Invoke target via `time `.
- Approval binds to
time, bypassing inner command check.
Protection:
- Upgrade to OpenClaw >= 2026.3.22.
- Avoid `allow-always` rules for critical paths.
- Monitor for new `time` binaries in non-standard locations.
Impact:
- Unauthorized command execution.
- Bypass of approval-based security controls.
- Privilege escalation in constrained environments.
🎯Let’s Practice Exploiting & Learn Patching For Free:
Sources:
Reported By: github.com
Extra Source Hub:
Undercode

