OpenClaw, Policy Enforcement Gap, CVE-2026-53831 (Medium) -DC-Jul2026-835

Listen to this Post

On POSIX nodes, OpenClaw’s `system.run` safe-bin checks evaluate a command’s safety before shell expansion alters its interpretation. This creates a time-of-check to time-of-use (TOCTOU) gap: the approval logic sees a benign argument (e.g., ".conf"), but the shell later expands that same token into multiple file operands. An authenticated operator or agent flow can therefore pass a command that appears to be a safe-bin argument but, after expansion, reads unintended node-local files.
The root cause lies in argv validation occurring prior to shell expansion. OpenClaw’s safe-bin or allowlist-style auto-approval trusts the pre-expansion argument vector, yet POSIX shells perform globbing, variable substitution, and word splitting after the fact. A value like `”/etc/openclaw/”` might be approved as a single argument, but the shell expands it into a list of file paths, effectively turning a seemingly safe command into a file read operation across arbitrary paths.
This issue is limited to paired POSIX node execution through `system.run` with safe-bin or allowlist-style auto-approval. It is not an unauthenticated node takeover; the attacker must already have authenticated operator or agent-level access to the gateway. The vulnerability affects deployments where:
– A POSIX node is paired to the gateway.
– `system.run` is reachable by an authenticated operator or agent flow.
– Exec policy uses safe-bin or allowlist-based auto-approval.
– The approved command contains shell-expanded values that can change argv shape.
A lower-privilege operator flow could cause an approved safe-bin command to read a node-local file not intended by policy, potentially exposing OpenClaw configuration data or other node-local information. The issue is a policy-enforcement gap in argv validation, not a general statement that every safe-bin command is unsafe. The first stable patched version is 2026.5.18.

DailyCVE Form:

Platform: ……. OpenClaw
Version: …….. < 2026.5.18
Vulnerability :…… Policy Enforcement Gap (Shell Expansion)
Severity: ……. Medium
date: ………. 2026-06-13

Prediction: …… 2026-05-18

What Undercode Say:

Analytics:

The vulnerability stems from the order of operations in system.run:

Safe-bin approval checks before shell expansion
Approved: cat "/etc/openclaw/.conf"
Shell expands to: cat /etc/openclaw/main.conf /etc/openclaw/agent.conf ...

To reproduce the behaviour:

Simulate the approval check (pre-expansion)
echo "Approved: cat '/etc/openclaw/.conf'"
Actual shell execution (post-expansion)
bash -c "cat /etc/openclaw/.conf"

Exploit:

An authenticated operator can issue:

system.run --node posix-node-1 --command "cat /etc/openclaw/.conf"

If `cat` is in the safe-bin allowlist and the command is auto-approved, the shell expands the glob and reads all matching files, potentially exposing sensitive configuration.

Protection:

  • Upgrade to `[email protected]` or later.
  • Before upgrading, avoid broad safe-bin auto-approval for commands that can read arbitrary paths.
  • Prefer explicit approval for node commands that touch local files.
  • Use single quotes around arguments to prevent shell expansion where possible (e.g., '.conf').

Impact:

  • Lower-privilege operator flows can read node-local files unintended by policy.
  • Exposure of OpenClaw configuration data or other node-local information.
  • Policy-enforcement gap in argv validation, not a general unsafe-bin issue.

🎯Let’s Practice Exploiting & Learn Patching For Free:

🎓 Live Courses & Certifications:

Join Undercode Academy for Verified Certifications

🚀 Request a Custom Project:

Secure, high-velocity infrastructure and disruptive technological engineering. Contact our engineering team for high-tier development and proprietary systems:
[email protected]
💎 Smart Architecture | 🛡️ Secure by Design | ⭐ Trusted by Thousands

Sources:

Reported By: github.com
Extra Source Hub:
Undercode

🔐JOIN OUR CYBER WORLD [ CVE News • HackMonitor • UndercodeNews ]

💬 Whatsapp | 💬 Telegram

📢 Follow DailyCVE & Stay Tuned:

𝕏 formerly Twitter 🐦 | @ Threads | 🔗 Linkedin Featured Image

Scroll to Top