GHSA-6j27-pc5c-m8w8: OpenClaw's allow-always wrapper persistence could bypass future approvals and enable command execution
In openclaw npm releases up to and including 2026.2.21-2, approving a wrapped system.run command with allow-always in security=allowlist mode could persist the allowlist entry at the wrapper level. That entry could later enable execution of a different inner payload, bypassing approval.
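The difference between a wrapper-level entry and one bound to the inner payload, as an added example that is not OpenClaw's code. The `Allowlist` class, the `allowlistKey` function, the shell list and the sample commands are all hypothetical, and the stricter keying is one possible policy, not the project's actual fix.

```javascript
// Hypothetical model of allow-always persistence; not OpenClaw's code.
const SHELLS = new Set(["sh", "bash", "zsh"]); // constructed list of wrappers

// Key under which an allow-always approval is stored and later matched.
// mode "wrapper": key on argv[0] only (the behaviour the advisory describes).
// mode "inner":   key on the wrapper plus the exact inner payload.
function allowlistKey(argv, mode) {
  if (mode === "wrapper") return argv[0];
  if (SHELLS.has(argv[0]) && argv[1] === "-c" && argv.length === 3) {
    return `${argv[0]} -c ${JSON.stringify(argv[2])}`;
  }
  if (SHELLS.has(argv[0])) return null; // unrecognised wrapper form: never persist
  return JSON.stringify(argv);          // plain command: bind to the full argv
}

class Allowlist {
  constructor(mode) {
    this.mode = mode;
    this.entries = new Set();
  }
  // Called when the operator answers "allow-always" for argv.
  approveAlways(argv) {
    const key = allowlistKey(argv, this.mode);
    if (key !== null) this.entries.add(key);
    return key !== null;
  }
  // True when argv would run without prompting the operator again.
  runsWithoutPrompt(argv) {
    const key = allowlistKey(argv, this.mode);
    return key !== null && this.entries.has(key);
  }
}

// Constructed sample commands: same wrapper, different inner payloads.
const approved = ["sh", "-c", "git status"];
const different = ["sh", "-c", "echo other-payload"];

function demo(mode) {
  const list = new Allowlist(mode);
  list.approveAlways(approved);
  return {
    same: list.runsWithoutPrompt(approved),
    other: list.runsWithoutPrompt(different),
  };
}

console.log("wrapper-level:", demo("wrapper")); // both skip the prompt
console.log("inner-bound:  ", demo("inner"));   // only the approved payload skips it
```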