GHSA-cjq8-m7wj-xmq9: Duplicate Advisory: OpenClaw Node system.run approval context-binding weakness in approval-enabled host=node flows
(updated )
Duplicate Advisory
This advisory has been withdrawn because it is a duplicate of GHSA-hjvp-qhm6-wrh2. This link is maintained to preserve external references.
Original Description
OpenClaw versions prior to 2026.2.26 contain an approval context-binding weakness in system.run execution flows with host=node that allows reuse of previously approved requests with modified environment variables. Attackers with access to an approval id can exploit this by reusing an approval with changed env input, bypassing execution-integrity controls in approval-enabled workflows.
References
- github.com/advisories/GHSA-cjq8-m7wj-xmq9
- github.com/openclaw/openclaw/commit/10481097f8e6dd0346db9be0b5f27570e1bdfcfa
- github.com/openclaw/openclaw/security/advisories/GHSA-hjvp-qhm6-wrh2
- nvd.nist.gov/vuln/detail/CVE-2026-32058
- www.vulncheck.com/advisories/openclaw-approval-context-binding-weakness-in-system-run-via-host-node
Code Behaviors & Features
Detect and mitigate GHSA-cjq8-m7wj-xmq9 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →