CVE-2026-32023: OpenClaw's dispatch-wrapper depth-cap mismatch can bypass shell-wrapper approval gating in system.run allowlist mode
A wrapper-depth parsing mismatch in system.run allowed nested transparent dispatch wrappers (for example, repeated /usr/bin/env) to suppress shell-wrapper detection while still matching allowlist resolution. With security=allowlist and ask=on-miss, this could bypass the expected approval prompt for shell execution.
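The class of bug described above, as an added example that is not OpenClaw's code: a simplified model in which shell-wrapper detection and allowlist resolution unwrap to different depths, next to a form that shares one unwrap result and fails closed at the cap. The function names, the caps (2 and 8), the allowlist entries and the sample commands are all assumptions made for illustration.

```javascript
// Simplified, hypothetical model of a wrapper depth-cap mismatch.
// Not OpenClaw's code: every name, cap and policy entry is an assumption.
const TRANSPARENT = new Set(["/usr/bin/env"]);          // dispatch wrappers
const SHELLS = new Set(["/bin/sh", "/bin/bash"]);
const ALLOWLIST = new Set(["/bin/sh", "/usr/bin/git"]); // constructed policy

// Strip leading transparent wrappers, at most maxDepth of them.
// Simplification: env options and VAR=value assignments are not modelled.
function unwrap(argv, maxDepth) {
  let rest = argv;
  let depth = 0;
  while (rest.length > 1 && TRANSPARENT.has(rest[0]) && depth < maxDepth) {
    rest = rest.slice(1);
    depth += 1;
  }
  // capped: a wrapper is still in front, so the loop stopped at the cap.
  return { argv: rest, capped: rest.length > 1 && TRANSPARENT.has(rest[0]) };
}

const isShellWrapper = (argv) => SHELLS.has(argv[0]) && argv.includes("-c");

// Mismatched form: the two checks unwrap to different depths, and the
// detector reads "cap reached" as "not a shell wrapper".
function decideMismatched(argv) {
  const seenByDetector = unwrap(argv, 2).argv;
  const seenByResolver = unwrap(argv, 8).argv;
  if (isShellWrapper(seenByDetector)) return "ask";
  return ALLOWLIST.has(seenByResolver[0]) ? "allow" : "ask";
}

// Hardened form: one unwrap result feeds both checks; a reached cap asks.
function decideHardened(argv) {
  const { argv: inner, capped } = unwrap(argv, 8);
  if (capped || isShellWrapper(inner)) return "ask";
  return ALLOWLIST.has(inner[0]) ? "allow" : "ask";
}

// Constructed sample commands.
const ENV = "/usr/bin/env";
const direct = ["/bin/sh", "-c", "echo constructed"];
const nested = [ENV, ENV, ENV, ...direct];
const benign = [ENV, "/usr/bin/git", "status"];
const tooDeep = [...Array(9).fill(ENV), "/usr/bin/git", "status"];

for (const cmd of [direct, nested, benign, tooDeep]) {
  console.log(cmd.length, decideMismatched(cmd), decideHardened(cmd));
}
```

The hardened form prompts both when it sees a shell wrapper and when it cannot see to the bottom of the wrapper chain, so a cap can only ever cause extra prompts.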
References
- github.com/advisories/GHSA-ccg8-46r6-9qgj
- github.com/openclaw/openclaw
- github.com/openclaw/openclaw/commit/57c9a18180c8b14885bbd95474cbb17ff2d03f0b
- github.com/openclaw/openclaw/security/advisories/GHSA-ccg8-46r6-9qgj
- nvd.nist.gov/vuln/detail/CVE-2026-32023
- www.vulncheck.com/advisories/openclaw-approval-gating-bypass-via-dispatch-wrapper-depth-cap-mismatch-in-system-run