GHSA-ccg8-46r6-9qgj: OpenClaw's dispatch-wrapper depth-cap mismatch can bypass shell-wrapper approval gating in system.run allowlist mode
A wrapper-depth parsing mismatch in system.run allowed nested transparent dispatch wrappers (for example repeated /usr/bin/env) to suppress shell-wrapper detection while still matching allowlist resolution. In security=allowlist + ask=on-miss, this could bypass the expected approval prompt for shell execution.
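The mismatch described above, modelled as an added example (this is not OpenClaw's code): the wrapper and shell sets, the depth caps of 2 and 8, the allowlist entry and all function names are assumptions. decideMismatched unwraps separately for each check with different caps, while decideConsistent feeds one unwrap result to both checks and treats hitting the cap as a miss.

```javascript
// Simplified model of the bug class; not OpenClaw source. Caps, names and
// the allowlist entry are assumptions made for this example.
const WRAPPERS = new Set(["/usr/bin/env", "env"]);
const SHELLS = new Set(["/bin/sh", "/bin/bash"]);
const ALLOWLIST = new Set(["/bin/sh"]); // constructed sample policy

// Peel leading transparent wrappers, at most maxDepth of them.
// (Real env also takes options and VAR=value words; ignored here.)
function unwrap(argv, maxDepth) {
  let rest = argv;
  for (let depth = 0; rest.length > 1 && WRAPPERS.has(rest[0]); depth++) {
    if (depth >= maxDepth) return { argv: rest, capExceeded: true };
    rest = rest.slice(1);
  }
  return { argv: rest, capExceeded: false };
}

// A shell invoked with -c runs an arbitrary command string.
const isShellWrapper = (argv) => SHELLS.has(argv[0]) && argv.includes("-c");

// Mismatched: detection gives up after 2 wrappers, resolution after 8,
// so the two checks can disagree about which executable is being run.
function decideMismatched(argv) {
  const detected = isShellWrapper(unwrap(argv, 2).argv);
  const resolved = unwrap(argv, 8).argv[0];
  if (detected) return "ask";
  return ALLOWLIST.has(resolved) ? "allow" : "ask";
}

// Consistent: one unwrap result feeds both checks, and hitting the cap
// is treated as a miss so the approval prompt still fires.
function decideConsistent(argv, maxDepth = 8) {
  const { argv: inner, capExceeded } = unwrap(argv, maxDepth);
  if (capExceeded || isShellWrapper(inner)) return "ask";
  return ALLOWLIST.has(inner[0]) ? "allow" : "ask";
}

// Constructed sample input: n nested /usr/bin/env in front of a command.
const nest = (n, cmd) => [...Array(n).fill("/usr/bin/env"), ...cmd];
const shellCmd = ["/bin/sh", "-c", "echo constructed-sample"];

console.log(decideMismatched(nest(2, shellCmd)), decideMismatched(nest(3, shellCmd)));
console.log(decideConsistent(nest(3, shellCmd)), decideConsistent(nest(9, shellCmd)));
```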