CVE-2026-32979 Overview
OpenClaw before version 2026.3.11 contains an approval integrity vulnerability (CWE-367: Time-of-Check Time-of-Use Race Condition) that allows attackers to execute rewritten local code by modifying scripts between approval and execution when exact file binding cannot occur. Remote attackers can change approved local scripts before execution to achieve unintended code execution as the OpenClaw runtime user.
Critical Impact
Attackers can exploit a TOCTOU race condition to bypass script approval mechanisms and execute arbitrary code as the OpenClaw runtime user, potentially leading to complete system compromise.
Affected Products
- OpenClaw versions prior to 2026.3.11
- OpenClaw for Node.js
Discovery Timeline
- 2026-03-29 - CVE-2026-32979 published to NVD
- 2026-03-30 - Last updated in NVD database
Technical Details for CVE-2026-32979
Vulnerability Analysis
This vulnerability is a classic Time-of-Check Time-of-Use (TOCTOU) race condition in the OpenClaw approval workflow. The flaw exists because the system fails to bind approved scripts to their exact file state at the time of approval. This creates a window of opportunity between when a script is validated and when it is actually executed.
In the vulnerable workflow, OpenClaw validates a script at one point in time (time-of-check) but executes the file at a later point (time-of-use). Because the file binding is not exact, meaning the system does not cryptographically verify the script content before execution, an attacker with local access can modify the approved script during this window. The modified malicious code then runs with the privileges of the OpenClaw runtime user.
The impact is significant: successful exploitation allows arbitrary code execution in the context of the OpenClaw runtime, which could lead to data exfiltration, lateral movement, or further system compromise depending on the runtime user's privileges.
Root Cause
The root cause is improper binding between the script approval process and execution. OpenClaw fails to implement content verification (such as cryptographic hashing) between the approval checkpoint and actual script execution. This allows the file contents to be modified after approval but before execution, bypassing the intended security controls.
Attack Vector
The attack requires local access to the system where OpenClaw is running. An attacker must have sufficient privileges to modify script files that have been approved for execution. The attack sequence involves:
- A legitimate script is submitted and approved through the normal OpenClaw workflow
- The attacker monitors for approved scripts pending execution
- During the window between approval and execution, the attacker replaces or modifies the approved script with malicious code
- OpenClaw executes the modified script, believing it to be the originally approved content
- Malicious code runs with the privileges of the OpenClaw runtime user
The vulnerability mechanism involves exploiting the time gap in the approval workflow. When a script is approved for execution, OpenClaw stores the approval state but does not bind this approval to a specific file hash or checksum. An attacker with write access to the script location can replace the file contents after approval. The system then executes the modified file under the assumption it matches the approved version. For detailed technical information, refer to the GitHub Security Advisory.
Detection Methods for CVE-2026-32979
Indicators of Compromise
- Unexpected modifications to approved scripts immediately before their scheduled execution
- File modification timestamps that change between approval time and execution time
- Unusual process activity spawned by the OpenClaw runtime user
- Script content hashes that differ from previously recorded baseline values
Detection Strategies
- Implement file integrity monitoring (FIM) on directories containing approved scripts
- Monitor for rapid file modifications followed by OpenClaw execution events
- Configure audit logging for all write operations to script directories
- Analyze process trees for unexpected child processes of the OpenClaw runtime
Monitoring Recommendations
- Enable comprehensive filesystem auditing on OpenClaw script directories
- Correlate file modification events with script execution logs
- Set up alerts for any script modifications within seconds of execution
- Review OpenClaw runtime user activity for anomalous behavior patterns
How to Mitigate CVE-2026-32979
Immediate Actions Required
- Upgrade OpenClaw to version 2026.3.11 or later immediately
- Restrict write permissions on directories containing approved scripts
- Implement additional access controls on script storage locations
- Review recent script executions for signs of exploitation
Patch Information
OpenClaw version 2026.3.11 addresses this vulnerability by implementing exact file binding during the approval process. Organizations should upgrade to this version or later as soon as possible. Refer to the GitHub Security Advisory for official patch details and the VulnCheck Advisory for additional technical context.
Workarounds
- Restrict write access to script directories to only trusted administrative accounts
- Implement external file integrity monitoring to detect unauthorized modifications
- Consider running OpenClaw in an isolated environment with restricted filesystem access
- Manually verify script content hashes immediately before execution as a temporary measure
# Example: restrict write access to the OpenClaw script directory.
# Mode 0755 leaves write access to the owner (root) only; the openclaw-admins
# group gets read and traverse. Note that this is not recursive: scripts
# already inside the directory keep their own permission bits.
chmod 755 /path/to/openclaw/scripts
chown root:openclaw-admins /path/to/openclaw/scripts
# Enable filesystem auditing on the script directory (Linux auditd). The key
# lets you pull matching events later with: ausearch -k openclaw_scripts
auditctl -w /path/to/openclaw/scripts -p wa -k openclaw_scripts
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.