DEV Community

CVE Reports

Posted on • Originally published at cvereports.com

GHSA-9Q2P-VC84-2RWM: Parser Differential Vulnerability in OpenClaw Security Allowlist

Vulnerability ID: GHSA-9Q2P-VC84-2RWM
CVSS Score: 6.5
Published: 2026-03-09

A parser differential vulnerability exists in the system.run host tool of the OpenClaw AI assistant. The security analysis engine fails to parse POSIX shell comments correctly, allowing attackers to bypass the allowlist via the allow-always persistence mechanism.

TL;DR

OpenClaw versions prior to v2026.3.7 parse shell comments incorrectly during command analysis. An attacker can append a malicious payload behind a shell comment, deceiving the persistence engine into permanently trusting the unauthorized payload without user consent.


⚠️ Exploit Status: POC

Technical Details

  • CWE ID: CWE-115 / CWE-436
  • Attack Vector: Contextual/Local
  • Authentication: None (Requires User Interaction)
  • Platform: POSIX (Linux, macOS)
  • Exploit Status: Proof of Concept
  • Patch Version: v2026.3.7

Affected Systems

  • OpenClaw system.run host tool (Linux)
  • OpenClaw system.run host tool (macOS)
  • OpenClaw: < v2026.3.7 (Fixed in: v2026.3.7)

Code Analysis

Commit: 939b184

Fix system.run allow-always persistence shell-commented payload tails

Mitigation Strategies

  • Upgrade OpenClaw to version v2026.3.7 or higher.
  • Disable the 'allow-always' persistence feature in the system.run configuration.
  • Audit the existing persistence database for malicious entries containing shell comments.

Remediation Steps:

  1. Identify all instances of OpenClaw running in the environment.
  2. Update the openclaw package to v2026.3.7 using the relevant package manager.
  3. Restart the OpenClaw service to ensure the new tokenization logic is loaded.
  4. Review the stored allowlist patterns for entries containing suspicious commands trailing a '#' character.
  5. Delete any identified malicious patterns from the persistence store.
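As an added illustration of the parser differential described above and of remediation step 4 (not OpenClaw's own code): a naive analyzer that cuts at the first '#' beside a quote- and token-aware POSIX comment stripper, with an audit over a constructed allow-always store that flags patterns where the two disagree. `naive_strip` is an assumed stand-in for the flawed behaviour, not the project's actual implementation.

```python
"""Added example: POSIX comment parsing vs a naive '#' cut, plus an
allow-always pattern audit (remediation step 4). Not OpenClaw's code."""

# Characters after which the next character starts a new shell token.
# '#' starts a comment only at the start of a token, outside quotes.
TOKEN_BOUNDARIES = " \t\n;|&()<>"


def naive_strip(cmd: str) -> str:
    """Illustrative flawed analyzer (assumed, not OpenClaw's real logic):
    everything after the first '#' is discarded as a comment."""
    return cmd.split("#", 1)[0].rstrip()


def posix_strip(cmd: str) -> str:
    """Return the part of cmd a POSIX shell would actually execute."""
    out, quote, token_start, i = [], None, True, 0
    while i < len(cmd):
        c = cmd[i]
        if quote is None:
            if c == "\\" and i + 1 < len(cmd):       # escaped char, keep both
                out.append(cmd[i:i + 2]); i += 2; token_start = False
                continue
            if c in "'\"":
                quote = c                            # entering a quoted string
            elif c == "#" and token_start:
                break                                # real comment: stop here
        elif c == quote:
            quote = None                             # leaving the quoted string
        elif quote == '"' and c == "\\" and i + 1 < len(cmd):
            out.append(cmd[i:i + 2]); i += 2         # \" inside double quotes
            continue
        out.append(c)
        token_start = c in TOKEN_BOUNDARIES
        i += 1
    return "".join(out).rstrip()


def audit_pattern(pattern: str) -> dict:
    """Flag a stored allow-always pattern where the two parsers disagree,
    i.e. text after '#' that the shell would still execute."""
    naive, posix = naive_strip(pattern), posix_strip(pattern)
    return {"pattern": pattern, "naive": naive, "posix": posix,
            "differential": naive != posix}


def audit_store(patterns):
    """Return only the patterns an operator should review (constructed input)."""
    return [r for r in map(audit_pattern, patterns) if r["differential"]]


if __name__ == "__main__":
    SAMPLE_STORE = ["ls -la # list files", 'echo "a # b"', "cat file#1"]
    for row in audit_store(SAMPLE_STORE):
        print(row)
```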

Read the full report for GHSA-9Q2P-VC84-2RWM on our website for more details including interactive diagrams and full exploit analysis.
