GHSA-5v6x-rfc3-7qfr

Source

https://github.com/advisories/GHSA-5v6x-rfc3-7qfr

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/03/GHSA-5v6x-rfc3-7qfr/GHSA-5v6x-rfc3-7qfr.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-5v6x-rfc3-7qfr

Aliases

CVE-2026-22168

Downstream

MINI-933h-g359-3h95

Published

2026-03-02T22:15:53Z

Modified

2026-03-19T21:32:29.153592Z

Severity

8.5 (High) CVSS_V4 - CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVSS Calculator

Summary

OpenClaw has Windows system.run approval mismatch on cmd.exe /c trailing arguments

Details

Summary

A Windows system.run approval-integrity mismatch in the cmd.exe /c path could allow trailing arguments to execute while approval/audit text reflected only a benign command string.

This requires an authenticated operator context using the approvals flow and a trusted Windows node.

Affected Packages / Versions

Package: openclaw (npm)
Latest published vulnerable version (as of 2026-02-21): 2026.2.19-2
Vulnerable range: <=2026.2.19-2
Patched version (planned next release): 2026.2.21

Attack Scenario

An authenticated operator approval is created for a benign command text (for example, echo).
A system.run request uses cmd.exe /c with extra trailing arguments.
Prior behavior could bind approval/audit text to the benign command while still executing the full argument tail on the node.

Impact

Local command execution on the trusted Windows node process account.
Approval/audit command text integrity mismatch.

Fix

Canonicalize the full command tail after cmd.exe /c.
Reuse one shared command canonicalization/validation path for validation, approval matching, and execution/audit text.
Add regression coverage for trailing-argument smuggling and approval binding.

Fix Commit(s)

6007941f04df1edcca679dd6c95949744fdbd4df

Release Process Note

patched_versions is pre-set to the planned next release (2026.2.21). Once that npm release is live, this advisory can be published directly.

OpenClaw thanks @tdjackey for reporting.

Database specific

{
    "github_reviewed": true,
    "github_reviewed_at": "2026-03-02T22:15:53Z",
    "severity": "HIGH",
    "nvd_published_at": "2026-03-18T02:16:20Z",
    "cwe_ids": [
        "CWE-863",
        "CWE-88"
    ]
}

References

Affected packages

npm / openclaw

Package

Name: openclaw; View open source insights on deps.dev
Purl: pkg:npm/openclaw

Affected ranges

Type: SEMVER
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2026.2.21

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/03/GHSA-5v6x-rfc3-7qfr/GHSA-5v6x-rfc3-7qfr.json"