CVE-2026-31997
OpenClaw < 2026.3.1 - Executable Rebind via Unbound PATH-token in system.run Approvals
CVSS Score
6.0
EPSS Score
0.0%
EPSS Percentile
0th
OpenClaw versions prior to 2026.3.1 fail to pin executable identity for non-path-like argv[0] tokens in system.run approvals, allowing post-approval executable rebind attacks. Attackers can modify PATH resolution after approval to execute a different binary than the operator approved, enabling arbitrary command execution.
| CWE | CWE-367 |
| Vendor | openclaw |
| Product | openclaw |
| Published | Mar 19, 2026 |
| Last Updated | Mar 19, 2026 |
Stay Ahead of the Next One
Get instant alerts for openclaw openclaw
Be the first to know when new medium vulnerabilities affecting openclaw openclaw are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N Attack Vector
Local
Attack Complexity
High
Privileges Required
Low
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
None
Affected Versions
OpenClaw / OpenClaw
0 < 2026.3.1
References
Credits
๐ tdjackey