GHSA-vffc-f7r7-rx2w

Source
https://github.com/advisories/GHSA-vffc-f7r7-rx2w
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/03/GHSA-vffc-f7r7-rx2w/GHSA-vffc-f7r7-rx2w.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-vffc-f7r7-rx2w
Published
2026-03-03T21:52:54Z
Modified
2026-03-16T22:02:22.726681Z
Severity
  • 8.6 (High) CVSS_V4 - CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Summary
OpenClaw Improperly Neutralizes Line Breaks in systemd Unit Generation Enables Local Command Execution (Linux)
Details

Summary

A command injection vulnerability exists in OpenClaw’s Linux systemd unit generation path. When rendering Environment= entries, attacker-controlled values are not rejected for CR/LF, and systemdEscapeArg() uses an incorrect whitespace-matching regex. This allows newline injection to break out of an Environment= line and inject standalone systemd directives (for example, ExecStartPre=). On service restart, the injected command is executed, resulting in local arbitrary command execution (local RCE) under the gateway service user.


Details

The issue is in src/daemon/systemd-unit.ts:

  • renderEnvLines(...) builds:

    Environment=${systemdEscapeArg(`${key}=${value}`)}

  • No CR/LF validation is enforced for environment keys/values before writing unit lines.
  • systemdEscapeArg(...) uses:

    /[\\s"\\\\]/

  • In this regex, \\s is interpreted as a literal backslash + s, not a whitespace character class. As a result, whitespace detection/quoting behavior is incorrect.

Because systemd parses unit files line-by-line, a newline inside an environment value can inject an additional directive line. Example rendered output:

    Environment=INJECT=ok
    ExecStartPre=/bin/touch /tmp/oc15789_rce

At restart time, systemd executes ExecStartPre, enabling command execution.

Relevant code path/components involved in the exploitation chain:

  • src/daemon/systemd-unit.ts
  • src/commands/daemon-install-helpers.ts
  • src/config/env-vars.ts
  • src/config/zod-schema.ts

Trigger conditions:

  1. Attacker can influence config.env.vars (directly or indirectly).
  2. Install/reinstall path is invoked to write/update the unit.
  3. Service restart occurs (systemctl --user restart ...).
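The two defects described above (no CR/LF rejection, and a regex that never matches whitespace), shown beside a hardened variant. This is an added example, not OpenClaw's code or its fix commit; the helper bodies, quoteArg, strayDirectives and sampleEnv are assumptions made for illustration.

```typescript
// Added illustration: the helper bodies are assumptions, not OpenClaw source.
const BROKEN_RE = /[\\s"\\\\]/; // as quoted in the advisory: matches \, "s" and ", never whitespace
const FIXED_RE = /[\s"\\]/; // here \s is the whitespace character class

function quoteArg(value: string): string {
  return `"${value.replace(/\\/g, "\\\\").replace(/"/g, '\\"')}"`;
}

// Pre-fix behaviour as the advisory describes it: no CR/LF check, broken regex.
function escapeArgVulnerable(value: string): string {
  return BROKEN_RE.test(value) ? quoteArg(value) : value;
}

// Hardened variant: reject line breaks outright, then quote on real whitespace.
function escapeArgHardened(value: string): string {
  if (/[\r\n]/.test(value)) {
    throw new Error("CR/LF is not allowed in a systemd unit value");
  }
  return FIXED_RE.test(value) ? quoteArg(value) : value;
}

function renderEnvLines(env: Record<string, string>, escapeArg: (v: string) => string): string[] {
  return Object.keys(env).map((key) => `Environment=${escapeArg(`${key}=${env[key]}`)}`);
}

// Output check: every physical line of the rendered block must be an Environment= entry.
function strayDirectives(rendered: string[]): string[] {
  return rendered.join("\n").split(/\r\n|\r|\n/).filter((line) => line.indexOf("Environment=") !== 0);
}

// Constructed sample input; the INJECT value is the one from the advisory's PoC.
const sampleEnv: Record<string, string> = {
  GREETING: "hello world",
  INJECT: "ok\nExecStartPre=/bin/touch /tmp/oc15789_rce",
};

function demo(): { stray: string[]; hardenedError: string; quoted: string[] } {
  const stray = strayDirectives(renderEnvLines(sampleEnv, escapeArgVulnerable));
  let hardenedError = "";
  try {
    renderEnvLines(sampleEnv, escapeArgHardened);
  } catch (err) {
    hardenedError = (err as Error).message;
  }
  const quoted = renderEnvLines({ GREETING: "hello world" }, escapeArgHardened);
  return { stray, hardenedError, quoted };
}

console.log(demo());
```

The strayDirectives check can also be run over an already generated unit's Environment= block to spot lines that should not be there.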


PoC

Environment: Linux host with systemd user services enabled.

  1. Configure a malicious environment value in OpenClaw config (config.env.vars), including a newline and injected directive:

  • Key: INJECT
  • Value:

    ok
    ExecStartPre=/bin/touch /tmp/oc15789_rce

  2. Install/reinstall the gateway service (fixed port as requested):

    openclaw gateway install --port 15789 --force

  3. Inspect the generated user unit file (default path):

    ~/.config/systemd/user/openclaw-gateway.service

    Verify that an injected standalone line exists:

    ExecStartPre=/bin/touch /tmp/oc15789_rce

  4. Reload and restart user service:

    systemctl --user daemon-reload
    systemctl --user restart openclaw-gateway.service

  5. Confirm command execution side effect:

    ls -l /tmp/oc15789_rce

Impact

This is a local command execution vulnerability in OpenClaw’s systemd unit generation during install/reinstall flows.

  • Type: Command injection via newline/directive injection in unit file generation.
  • Execution context: Runs with the same privileges as the OpenClaw gateway service user.
  • Affected users: Linux deployments using systemd user services where an attacker can control config.env.vars and trigger install/reinstall.

Fix Commit(s)

  • 61f646c41fb43cd87ed48f9125b4718a30d38e84
Database specific
{
    "github_reviewed": true,
    "github_reviewed_at": "2026-03-03T21:52:54Z",
    "cwe_ids": [
        "CWE-77"
    ],
    "severity": "HIGH",
    "nvd_published_at": "2026-03-11T14:16:28Z"
}
Affected packages

npm / openclaw

Affected ranges

  • Type: SEMVER
  • Introduced: 0 (Unknown introduced version / All previous versions are affected)
  • Fixed: 2026.2.21

Database specific

  • source: "https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/03/GHSA-vffc-f7r7-rx2w/GHSA-vffc-f7r7-rx2w.json"
  • last_known_affected_version_range: "<= 2026.2.19-2"