GHSA-hwpq-rrpf-pgcq

Source

https://github.com/advisories/GHSA-hwpq-rrpf-pgcq

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/03/GHSA-hwpq-rrpf-pgcq/GHSA-hwpq-rrpf-pgcq.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-hwpq-rrpf-pgcq

Aliases

CVE-2026-32065

Downstream

MINI-vf45-36qp-q3v6

Published

2026-03-02T23:33:08Z

Modified

2026-03-30T14:05:43.354511Z

Severity

4.8 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N CVSS Calculator
5.7 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N CVSS Calculator

Summary

OpenClaw: system.run approval identity mismatch could execute a different binary than displayed

Details

Summary

system.run approvals in OpenClaw used rendered command text as the approval identity while trimming argv token whitespace. Runtime execution still used raw argv. A crafted trailing-space executable token could therefore execute a different binary than what the approver saw.

Affected Packages / Versions

Package: openclaw (npm)
Affected versions: <= 2026.2.24
Patched versions: >= 2026.2.25

Impact

This is an approval-integrity bypass that can lead to unexpected command execution under the OpenClaw runtime user when an attacker can influence command argv and reuse/obtain a matching approval context.

Trust Model Note

OpenClaw does not treat adversarial multi-user sharing of one gateway host/config as a supported security boundary. This finding is still valid in supported deployments because it breaks the operator approval boundary itself (approved display command vs executed argv).

Fix Commit(s)

03e689fc89bbecbcd02876a95957ef1ad9caa176

Release Process Note

patched_versions is pre-set to the release (2026.2.25). Advisory published with npm release 2026.2.25.

OpenClaw thanks @tdjackey for reporting.

Database specific

{
    "nvd_published_at": null,
    "severity": "MODERATE",
    "github_reviewed": true,
    "cwe_ids": [
        "CWE-436",
        "CWE-863"
    ],
    "github_reviewed_at": "2026-03-02T23:33:08Z"
}

References

Affected packages

npm / openclaw

Package

Name: openclaw; View open source insights on deps.dev
Purl: pkg:npm/openclaw

Affected ranges

Type: SEMVER
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2026.2.25

Database specific

last_known_affected_version_range

"<= 2026.2.24"

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/03/GHSA-hwpq-rrpf-pgcq/GHSA-hwpq-rrpf-pgcq.json"