CVE-2026-35667 Overview
OpenClaw before version 2026.3.24 contains an incomplete fix for CVE-2026-27486 where the !stop chat command uses an unpatched killProcessTree function from shell-utils.ts that sends SIGKILL immediately without graceful SIGTERM shutdown. Attackers can trigger process termination via the !stop command, causing data corruption, resource leaks, and skipped security-sensitive cleanup operations.
Critical Impact
This improper process termination vulnerability (CWE-404) allows attackers with local access to bypass graceful shutdown procedures, potentially leading to data corruption, resource leaks, and the circumvention of security-sensitive cleanup operations that should execute during normal process termination.
Affected Products
- OpenClaw versions prior to 2026.3.24
Discovery Timeline
- 2026-04-10 - CVE CVE-2026-35667 published to NVD
- 2026-04-13 - Last updated in NVD database
Technical Details for CVE-2026-35667
Vulnerability Analysis
This vulnerability stems from an incomplete patch applied to address CVE-2026-27486. The killProcessTree function within shell-utils.ts was intended to be fixed but remains unpatched in the code path triggered by the !stop chat command. When invoked, this function immediately sends a SIGKILL signal to terminate processes rather than following proper shutdown protocol.
The proper termination sequence should first send a SIGTERM signal to allow processes to perform cleanup operations gracefully—flushing buffers, releasing file locks, closing database connections, and executing security-sensitive finalizers. By skipping directly to SIGKILL, the application forcibly terminates processes without any opportunity for orderly shutdown.
This improper resource shutdown classification (CWE-404) creates multiple downstream security implications. Processes that manage persistent data may leave files in inconsistent states, security tokens or credentials in memory may not be properly zeroed, and audit logging operations may be bypassed entirely.
Root Cause
The root cause is an incomplete remediation of CVE-2026-27486. While other code paths were patched to use graceful termination, the !stop command handler continues to invoke the original vulnerable killProcessTree implementation in shell-utils.ts. This function sends SIGKILL immediately instead of first attempting SIGTERM with a timeout before escalating to forced termination.
Attack Vector
The attack requires local access to the system with low privileges. An attacker who can send the !stop chat command can trigger the vulnerable code path. Upon execution, all child processes in the process tree are immediately killed without graceful shutdown, bypassing any cleanup handlers, finalization routines, or security-sensitive teardown operations.
The vulnerability mechanism centers on improper signal handling during process termination. When the !stop command is received, the application calls killProcessTree() which iterates through child processes and sends SIGKILL (signal 9) directly. This signal cannot be caught or ignored by the target processes, preventing them from executing registered signal handlers, atexit() callbacks, or destructor code that would normally run during graceful termination.
For detailed technical information, see the GitHub Security Advisory GHSA-3298-56p6-rpw2.
Detection Methods for CVE-2026-35667
Indicators of Compromise
- Unexpected SIGKILL signals in system logs without preceding SIGTERM signals
- Process termination events where cleanup operations or finalizers did not execute
- Data corruption in files that were being written to by terminated processes
- Resource leaks such as orphaned file handles, unreleased locks, or dangling database connections
- Missing or truncated audit log entries that should record shutdown events
Detection Strategies
- Monitor for invocations of the !stop chat command in application logs
- Implement process monitoring to detect abnormal termination patterns (SIGKILL without SIGTERM)
- Review application logs for errors indicating resources were not properly released
- Enable audit logging for all process termination events and signal delivery
Monitoring Recommendations
- Configure alerting on process crashes or forced terminations in production environments
- Implement file integrity monitoring on critical data files that may be affected by abrupt termination
- Monitor system resource utilization for signs of resource leaks following process termination
- Review chat command logs for suspicious or unauthorized use of the !stop command
How to Mitigate CVE-2026-35667
Immediate Actions Required
- Upgrade OpenClaw to version 2026.3.24 or later where the killProcessTree function is fully patched
- Restrict access to the !stop chat command to authorized administrators only
- Review and audit recent uses of the !stop command for potential exploitation
- Check data integrity of any files or databases that may have been affected by improper termination
Patch Information
The vulnerability is addressed in OpenClaw version 2026.3.24 and later. The fix ensures that the killProcessTree function sends SIGTERM first, allowing processes time to perform graceful shutdown before escalating to SIGKILL if necessary.
For additional details, refer to the GitHub Security Advisory and the VulnCheck Advisory.
Workarounds
- Disable or restrict access to the !stop chat command until the patch can be applied
- Implement application-level access controls to prevent unauthorized users from invoking termination commands
- Configure process supervisors to handle graceful shutdown externally before any forced termination
- Deploy monitoring to detect and alert on improper process termination events
# Configuration example
# Restrict access to the !stop command by modifying chat command permissions
# Location: config/permissions.yaml
chat_commands:
stop:
enabled: false # Disable until patched
# Or restrict to admin users only:
# allowed_roles: ["admin"]
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
