OpenClaw Node host system.run rawCommand/command mismatch can bypass allowlist/approvals
Description
OpenClaw is a personal AI assistant. Prior to version 2026.2.14, a mismatch between rawCommand and command[] in the node host system.run handler could cause allowlist/approval evaluation to be performed on one command while executing a different argv. This only impacts deployments that use the node host / companion node execution path (system.run on a node), enable allowlist-based exec policy (security=allowlist) with approval prompting driven by allowlist misses (for example ask=on-miss), allow an attacker to invoke system.run. Default/non-node configurations are not affected. Version 2026.2.14 enforces rawCommand/command[] consistency (gateway fail-fast + node host validation).
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
openclawnpm | < 2026.2.14 | 2026.2.14 |
Affected products
2Patches
Vulnerability mechanics
References
5- github.com/advisories/GHSA-h3f9-mjwj-w476ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2026-26325ghsaADVISORY
- github.com/openclaw/openclaw/commit/cb3290fca32593956638f161d9776266b90ab891ghsax_refsource_MISCWEB
- github.com/openclaw/openclaw/releases/tag/v2026.2.14ghsax_refsource_MISCWEB
- github.com/openclaw/openclaw/security/advisories/GHSA-h3f9-mjwj-w476ghsax_refsource_CONFIRMWEB
News mentions
0No linked articles in our index yet.