Vulnerabilities

CVE-2026-35666

by Fred · 10/04/2026

OpenClaw before 2026.3.22 contains an allowlist bypass vulnerability in system.run approvals that fails to unwrap /usr/bin/time wrappers. Attackers can bypass executable binding restrictions by using an unregistered time wrapper to reuse approval state for inner commands.

More information : https://github.com/openclaw/openclaw/commit/39409b6a6dd4239deea682e626bac9ba547bfb14

Similar

Tags: Cybersecurity Alert