GHSA-wpc6-37g7-8q4w
Suggest an improvement- Source
- https://github.com/advisories/GHSA-wpc6-37g7-8q4w
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/04/GHSA-wpc6-37g7-8q4w/GHSA-wpc6-37g7-8q4w.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-wpc6-37g7-8q4w
- Downstream
- Published
- 2026-04-07T18:14:35Z
- Modified
- 2026-04-07T18:34:06.177272Z
- Severity
-
- 6.3 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N CVSS Calculator
- Summary
- OpenClaw: Shell init-file options could satisfy exec allowlist script matching
- Details
-
Summary
Before OpenClaw 2026.3.31, exec allowlist matching could treat shell init-file wrapper invocations as if the approved script itself were being executed. Shell options such as
--rcfile,--init-file, and--startup-filecould therefore inherit allowlist trust from a matched script path even though the shell loaded attacker-chosen initialization first.Impact
This issue only applied when exec allowlist or allow-always behavior was enabled and the attacker could steer a shell-wrapper command shape that used init-file options. The result was a narrower allowlist bypass, not generic arbitrary command execution from an untrusted boundary.
Affected Packages / Versions
- Package:
openclaw(npm) - Affected versions:
< 2026.3.31 - Patched versions:
>= 2026.3.31 - Latest published npm version:
2026.4.1
Fix Commit(s)
0c8375424620e12777ef24c162eedc7e9fcfd7e3— reject shell init-file script matches
Release Process Note
The fix shipped in OpenClaw
2026.3.31on March 31, 2026. The current published npm release2026.4.1from April 1, 2026 also contains the fix.Thanks @cyjhhh for reporting.
- Package:
- Database specific
{ "github_reviewed": true, "nvd_published_at": null, "cwe_ids": [ "CWE-184" ], "github_reviewed_at": "2026-04-07T18:14:35Z", "severity": "MODERATE" }- References
Affected packages
npm / openclaw
Package
- Name
- openclaw
- View open source insights on deps.dev
- Purl
- pkg:npm/openclaw