CVE-2026-27183: OpenClaw: system.run wrapper-depth boundary could skip shell approval gating
(updated )
OpenClaw’s system.run dispatch-wrapper handling applied different depth-boundary rules to shell-wrapper approval detection and execution planning.
With exactly four transparent dispatch wrappers such as repeated env invocations before /bin/sh -c, the approval classifier could stop treating the command as a shell wrapper at the depth boundary while execution planning still unwrapped through to the shell payload. In security=allowlist mode, that mismatch could skip the expected approval-required path for the shell wrapper invocation.
Latest published npm version: 2026.3.2
Fixed on main on March 7, 2026 in 2fc95a7cfc1eb9306356510b0251b6d51fb1c0b0 by keeping shell-wrapper classification active at the configured dispatch depth boundary and only failing closed beyond that boundary. This aligns approval gating with the execution plan. Legitimate shallow dispatch-wrapper usage continues to work.
References
- github.com/advisories/GHSA-r6qf-8968-wj9q
- github.com/openclaw/openclaw
- github.com/openclaw/openclaw/commit/2fc95a7cfc1eb9306356510b0251b6d51fb1c0b0
- github.com/openclaw/openclaw/releases/tag/v2026.3.7
- github.com/openclaw/openclaw/security/advisories/GHSA-r6qf-8968-wj9q
- nvd.nist.gov/vuln/detail/CVE-2026-27183
Code Behaviors & Features
Detect and mitigate CVE-2026-27183 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →