← Volver a CVEs
CVE-2026-29608
MEDIUM6.7
Descripcion
OpenClaw 2026.3.1 contains an approval integrity vulnerability in system.run node-host execution where argv rewriting changes command semantics. Attackers can place malicious local scripts in the working directory to execute unintended code despite operator approval of different command text.
Detalles CVE
Puntuacion CVSS v3.16.7
SeveridadMEDIUM
Vector CVSSCVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
Vector de ataqueLOCAL
ComplejidadHIGH
Privilegios requeridosLOW
Interaccion usuarioREQUIRED
Publicado3/19/2026
Ultima modificacion3/19/2026
Fuentenvd
Avistamientos honeypot0
Productos afectados
openclaw:openclaw
Debilidades (CWE)
CWE-88
Referencias
https://github.com/openclaw/openclaw/commit/dded569626b0d8e7bdab10b5e7528b6caf73a0f1(disclosure@vulncheck.com)
https://github.com/openclaw/openclaw/security/advisories/GHSA-h3rm-6x7g-882f(disclosure@vulncheck.com)
https://www.vulncheck.com/advisories/openclaw-approval-integrity-bypass-via-system-run-argv-rewriting(disclosure@vulncheck.com)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.