Description
OpenClaw versions prior to 2026.2.26 contain an approval bypass vulnerability in system.run execution that allows attackers to execute commands from unintended filesystem locations by rebinding writable parent symlinks in the current working directory after approval. An attacker can modify mutable parent symlink path components between approval and execution time to redirect command execution to a different location while preserving the visible working directory string.
INFO
Published Date :
2026-03-18T01:34:28.702Z
Last Modified :
2026-03-18T14:02:06.726Z
Source :
VulnCheck
AFFECTED PRODUCTS
The following products are affected by CVE-2026-27545 vulnerability.
| Vendors | Products |
|---|---|
| Openclaw |
|
REFERENCES
Here, you will find a curated list of external links that provide in-depth information to CVE-2026-27545.
CVSS Vulnerability Scoring System
Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Attack Requirements
Privileges Required
User Interaction
VS Confidentiality
VS Integrity
VS Availability
SS Confidentiality
SS Integrity
SS Availability
Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact