CVE-2026-31997

MEDIUM SEVERITY

CVSS Score & Metrics

Base Score

6.0 / 10

Vector String

                                        CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N                                    

Vulnerability Description

OpenClaw versions prior to 2026.3.1 fail to pin executable identity for non-path-like argv[0] tokens in system.run approvals, allowing post-approval executable rebind attacks. Attackers can modify PATH resolution after approval to execute a different binary than the operator approved, enabling arbitrary command execution.

Vulnerability Details

Published Date

March 19, 2026

Last Modified

March 19, 2026

CWE ID

CWE-367

Source

NVD

Vendor

OpenClaw

Product

OpenClaw

External References

https://github.com/openclaw/openclaw/security/advisories/GHSA-q399-23r3-hfx4
https://www.vulncheck.com/advisories/openclaw-executable-rebind-via-unbound-path-token-in-system-run-approvals

CVE-2026-31997

CVSS Score & Metrics

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment