OpenClaw: Shell init-file options could satisfy exec allowlist script matching
GHSA-wpc6-37g7-8q4w · CVE-2026-41392
Published · Modified
Description
Summary
Before OpenClaw 2026.3.31, exec allowlist matching could treat shell init-file wrapper invocations as if the approved script itself were being executed. Shell options such as --rcfile, --init-file, and --startup-file could therefore inherit allowlist trust from a matched script path even though the shell loaded attacker-chosen initialization first.
Impact
This issue only applied when exec allowlist or allow-always behavior was enabled and the attacker could steer a shell-wrapper command shape that used init-file options. The result was a narrower allowlist bypass, not generic arbitrary command execution from an untrusted boundary.
Affected Packages / Versions
- Package:
openclaw(npm) - Affected versions:
< 2026.3.31 - Patched versions:
>= 2026.3.31 - Latest published npm version:
2026.4.1
Fix Commit(s)
0c8375424620e12777ef24c162eedc7e9fcfd7e3— reject shell init-file script matches
Release Process Note
The fix shipped in OpenClaw 2026.3.31 on March 31, 2026. The current published npm release 2026.4.1 from April 1, 2026 also contains the fix.
Thanks @cyjhhh for reporting.
References
- WEB https://github.com/openclaw/openclaw/security/advisories/GHSA-wpc6-37g7-8q4w
- ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2026-41392
- WEB https://github.com/openclaw/openclaw/commit/0c8375424620e12777ef24c162eedc7e9fcfd7e3
- PACKAGE https://github.com/openclaw/openclaw
- WEB https://www.vulncheck.com/advisories/openclaw-exec-allowlist-bypass-via-shell-init-file-options
Ready to move
Start Securing
Free, no credit card | First findings in minutes