CVE-2026-29607: OpenClaw's allow-always wrapper persistence could bypass future approvals and enable command execution
In openclaw npm releases up to and including 2026.2.21-2, approving a wrapped system.run command with allow-always in security=allowlist mode could persist the resulting allowlist entry at the wrapper level. A later system.run invocation through the same wrapper but with a different inner payload could then match that entry and execute without a fresh approval.
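The following is an added illustrative model of the approval-allowlist design choice behind this advisory; it is not OpenClaw's code and makes no claim about how OpenClaw stores its entries. The `WRAPPERS` list, the `tokenize` helper, the `ApprovalPolicy` class and the two key functions are all hypothetical constructions for this page. It contrasts an allow-always decision keyed on the wrapper binary alone (so any later inner payload passed to that wrapper matches) with one that keys wrapper invocations on the full command, and adds an audit helper that flags persisted entries which are bare wrapper names.

```javascript
// Illustrative model, written for this page: how the key under which an
// allow-always decision is persisted determines what later commands it approves.
// Hypothetical code, not OpenClaw's implementation.

// Constructed list of binaries that execute whatever command follows them.
const WRAPPERS = new Set(["bash", "sh", "zsh", "env", "sudo"]);

// Minimal tokenizer with single/double-quote support (constructed; not a full shell parser).
function tokenize(cmd) {
  const out = [];
  let cur = "";
  let quote = null;
  let inToken = false;
  for (const ch of cmd) {
    if (quote) {
      if (ch === quote) quote = null;
      else cur += ch;
    } else if (ch === '"' || ch === "'") {
      quote = ch;
      inToken = true;
    } else if (/\s/.test(ch)) {
      if (inToken) {
        out.push(cur);
        cur = "";
        inToken = false;
      }
    } else {
      cur += ch;
      inToken = true;
    }
  }
  if (inToken) out.push(cur);
  return out;
}

function basename(p) {
  return p.split("/").pop();
}

// Weak key: only the wrapper binary is remembered ("bash -c 'ls -la'" -> "bash").
// Any later "bash -c <anything>" matches the persisted entry.
function wrapperLevelKey(argv) {
  return basename(argv[0]);
}

// Hardened key: a wrapper invocation is keyed on its complete argv, so a
// different inner payload yields a different key; plain binaries keep a
// per-binary key ("git status" -> "git").
function wrapperAwareKey(argv) {
  const bin = basename(argv[0]);
  return WRAPPERS.has(bin) ? JSON.stringify(argv) : bin;
}

class ApprovalPolicy {
  constructor(keyFn) {
    this.keyFn = keyFn;
    this.allowed = new Set(); // persisted allow-always entries
  }
  key(cmd) {
    return this.keyFn(tokenize(cmd));
  }
  // "allow" when a persisted entry matches, otherwise "ask" for a fresh approval.
  decide(cmd) {
    return this.allowed.has(this.key(cmd)) ? "allow" : "ask";
  }
  allowAlways(cmd) {
    this.allowed.add(this.key(cmd));
  }
}

// Audit helper for persisted entries: a bare wrapper name is a wrapper-level grant.
function findWrapperLevelEntries(entries) {
  return [...entries].filter((e) => WRAPPERS.has(basename(e)));
}

// Approve one wrapped command with allow-always, then see what else the policy
// lets through. Returns the decisions and the audit result for the chosen key function.
function demonstrate(keyFn) {
  const policy = new ApprovalPolicy(keyFn);
  const approved = "bash -c 'ls -la'"; // constructed sample commands
  const differentPayload = "bash -c 'whoami'";
  policy.allowAlways(approved);
  return {
    sameCommand: policy.decide(approved),
    differentInnerPayload: policy.decide(differentPayload),
    unrelatedBinary: policy.decide("git status"),
    wrapperLevelEntries: findWrapperLevelEntries(policy.allowed),
  };
}

console.log("wrapper-level key:", JSON.stringify(demonstrate(wrapperLevelKey)));
console.log("wrapper-aware key:", JSON.stringify(demonstrate(wrapperAwareKey)));
```

With the wrapper-level key the second, different inner payload is approved silently and the audit flags the bare `bash` entry; with the wrapper-aware key it is sent back for approval and nothing is flagged. The audit helper is the check a defender can run over an existing persisted allowlist, whatever its format, to find entries that grant a whole wrapper rather than a specific command.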
References
- github.com/advisories/GHSA-6j27-pc5c-m8w8
- github.com/openclaw/openclaw
- github.com/openclaw/openclaw/commit/24c954d972400f508814532dea0e4dcb38418bb0
- github.com/openclaw/openclaw/security/advisories/GHSA-6j27-pc5c-m8w8
- nvd.nist.gov/vuln/detail/CVE-2026-29607
- www.vulncheck.com/advisories/openclaw-authorization-bypass-via-allow-always-wrapper-persistence