CVE-2026-27545
OpenClaw < 2026.2.26 - Approval Bypass via Parent Symlink Current Working Directory Rebind
CVSS Score
6.1
EPSS Score
0.0%
EPSS Percentile
0th
OpenClaw versions prior to 2026.2.26 contain an approval bypass vulnerability in system.run execution that allows attackers to execute commands from unintended filesystem locations by rebinding writable parent symlinks in the current working directory after approval. An attacker can modify mutable parent symlink path components between approval and execution time to redirect command execution to a different location while preserving the visible working directory string.
| CWE | CWE-367 |
| Vendor | openclaw |
| Product | openclaw |
| Published | Mar 18, 2026 |
| Last Updated | Mar 18, 2026 |
Stay Ahead of the Next One
Get instant alerts for openclaw openclaw
Be the first to know when new medium vulnerabilities affecting openclaw openclaw are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
High
Availability
Low
Affected Versions
OpenClaw / OpenClaw
0 < 2026.2.26
References
github.com: https://github.com/openclaw/openclaw/security/advisories/GHSA-f7ww-2725-qvw2 github.com: https://github.com/openclaw/openclaw/commit/78a7ff2d50fb3bcef351571cb5a0f21430a340c1 github.com: https://github.com/openclaw/openclaw/commit/d82c042b09727a6148f3ca651b254c4a677aff26 github.com: https://github.com/openclaw/openclaw/commit/d06632ba45a8482192792c55d5ff0b2e21abb0a7 github.com: https://github.com/openclaw/openclaw/commit/4e690e09c746408b5e27617a20cb3fdc5190dbda github.com: https://github.com/openclaw/openclaw/commit/4b4718c8dfce2e2c48404aa5088af7c013bed60b vulncheck.com: https://www.vulncheck.com/advisories/openclaw-approval-bypass-via-parent-symlink-current-working-directory-rebind
Credits
๐ tdjackey