Vulnerabilities

CVE-2026-32043

Medium
CWE-367 — Weakness Type
Published: Mar 21, 2026  ·  Modified: Mar 23, 2026  ·  Source: NVD
CVSS v3: 6.5
📄 Description (English)

OpenClaw versions prior to 2026.2.25 contain a time-of-check-time-of-use vulnerability in approval-bound system.run execution where the cwd parameter is validated at approval time but resolved at execution time. Attackers can retarget a symlinked cwd between approval and execution to bypass command execution restrictions and execute arbitrary commands on node hosts.

🤖 AI Executive Summary

OpenClaw versions before 2026.2.25 contain a time-of-check-time-of-use (TOCTOU) vulnerability in the approval-bound system.run execution mechanism. Attackers can manipulate symlinked working directories between approval and execution phases to bypass command execution restrictions and achieve arbitrary code execution on node hosts. This vulnerability poses a significant risk to organizations using OpenClaw for infrastructure automation and command execution workflows.

🤖 AI Intelligence Analysis Analyzed: May 12, 2026 22:03
🇸🇦 Saudi Arabia Impact Assessment
This vulnerability primarily impacts Saudi organizations in government IT infrastructure, financial services automation, and energy sector operations that utilize OpenClaw for infrastructure-as-code and automated command execution. High-risk sectors include: (1) ARAMCO and energy companies using OpenClaw for operational automation, (2) Banking sector (SAMA-regulated institutions) using it for backend infrastructure management, (3) Government agencies (NCA oversight) employing OpenClaw for system administration, (4) Telecom operators (STC, Mobily) using it for network automation. The TOCTOU vulnerability allows privilege escalation and lateral movement within critical infrastructure environments.
🏢 Affected Saudi Sectors
Government; Banking and Financial Services; Energy and Utilities; Telecommunications; Healthcare; Critical Infrastructure
⚖️ Saudi Risk Score (AI)
7.2 / 10.0
🔧 Remediation Steps (English)
Immediate Actions:
1. Identify all OpenClaw deployments in your environment and document versions currently in use
2. Restrict access to OpenClaw approval workflows to trusted administrators only
3. Implement file system monitoring on directories containing symlinks used in OpenClaw cwd parameters
4. Review approval logs for any suspicious cwd parameter changes or symlink manipulations

Patching Guidance:
1. Upgrade to OpenClaw version 2026.2.25 or later when available
2. Until patch is available, implement compensating controls:
- Use read-only file systems or immutable snapshots for cwd directories
- Implement SELinux or AppArmor policies to restrict symlink resolution in OpenClaw execution contexts
- Disable symlink support in cwd parameters if functionality permits

Compensating Controls:
1. Deploy file integrity monitoring (FIM) on all directories used as cwd parameters
2. Implement strict change control procedures requiring re-approval if cwd paths are modified
3. Use containerized execution environments with restricted file system access
4. Enable audit logging for all symlink creation/modification events

Detection Rules:
1. Alert on symlink creation/modification in directories used as OpenClaw cwd parameters
2. Monitor for approval records where cwd path differs from actual resolved path at execution time
3. Track execution of commands with unexpected working directories
4. Flag approval-to-execution time gaps exceeding normal thresholds
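As an added illustration (not OpenClaw's own code), this Python shows the check behind detection rule 2 and the fix pattern the advisory implies: resolve and pin the cwd at approval time, then re-resolve at execution time and refuse to run if the path or the underlying directory changed. The allowed root, record fields and function names are assumptions; the drift scenario is constructed in a temporary directory.

```python
import os
import tempfile
from dataclasses import dataclass


@dataclass(frozen=True)
class ApprovalRecord:
    requested_cwd: str   # path as the operator approved it
    resolved_cwd: str    # realpath at approval time
    dev_ino: tuple       # (st_dev, st_ino) of that directory at approval time


def approve_cwd(requested_cwd: str, allowed_root: str) -> ApprovalRecord:
    """Approval time: resolve symlinks now and pin the result, not the raw path."""
    resolved = os.path.realpath(requested_cwd)
    root = os.path.realpath(allowed_root)
    if os.path.commonpath([resolved, root]) != root:
        raise PermissionError(f"{requested_cwd} resolves outside {allowed_root}")
    st = os.stat(resolved)
    return ApprovalRecord(requested_cwd, resolved, (st.st_dev, st.st_ino))


def check_before_exec(record: ApprovalRecord) -> tuple:
    """Execution time: re-resolve and compare with the pinned record
    (detection rule 2 above: approved cwd vs. actually resolved cwd)."""
    resolved_now = os.path.realpath(record.requested_cwd)
    if resolved_now != record.resolved_cwd:
        return False, f"cwd drift: approved {record.resolved_cwd}, now {resolved_now}"
    st = os.stat(resolved_now)
    if (st.st_dev, st.st_ino) != record.dev_ino:
        return False, "directory replaced since approval (inode changed)"
    return True, "cwd unchanged since approval"


def simulate_drift() -> tuple:
    """Constructed scenario in a temp dir: a symlinked cwd that is valid at
    approval time and points elsewhere by execution time. Returns (ok_before, ok_after)."""
    with tempfile.TemporaryDirectory() as tmp:
        root = os.path.join(tmp, "work")
        os.makedirs(os.path.join(root, "job1"))
        os.makedirs(os.path.join(tmp, "outside"))
        link = os.path.join(root, "current")
        os.symlink(os.path.join(root, "job1"), link)
        record = approve_cwd(link, root)
        ok_before, _ = check_before_exec(record)
        os.unlink(link)                                  # link retargeted after approval
        os.symlink(os.path.join(tmp, "outside"), link)
        ok_after, _ = check_before_exec(record)
        return ok_before, ok_after
```

A real executor should go one step further and change directory via a handle opened at approval time (for example `os.open` with `O_DIRECTORY`, then `os.chdir(fd)`), so the check and the use refer to the same directory object rather than to a path that is resolved twice.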
📋 Regulatory Compliance Mapping
🟢 NCA ECC 2024
- ECC 2024 A.5.1.1 - Access Control Policies (approval bypass vulnerability)
- ECC 2024 A.12.4.1 - Event Logging (insufficient logging of symlink manipulation)
- ECC 2024 A.12.4.3 - Protection of Log Information (audit trail integrity)
- ECC 2024 A.14.2.1 - Change Management (inadequate change control in cwd resolution)
🔵 SAMA CSF
- SAMA CSF ID.AM-2 - Asset Management (inventory of vulnerable OpenClaw instances)
- SAMA CSF PR.AC-1 - Access Control (approval mechanism bypass)
- SAMA CSF DE.CM-1 - Detection and Analysis (monitoring symlink manipulation)
- SAMA CSF RS.MI-2 - Incident Response (containment of arbitrary code execution)
🟡 ISO 27001:2022
- ISO 27001:2022 A.5.15 - Access Control (approval workflow integrity)
- ISO 27001:2022 A.8.1 - User Endpoint Devices (command execution restrictions)
- ISO 27001:2022 A.12.4.1 - Event Logging (TOCTOU detection)
- ISO 27001:2022 A.14.2.1 - Change of Information and Processing Facilities (cwd parameter validation)
🟣 PCI DSS v4.0.1
- PCI DSS 3.2.1 - Strong Cryptography (if OpenClaw used in payment systems)
- PCI DSS 7.1 - Access Control (approval bypass impact)
- PCI DSS 10.2.1 - Audit Trails (insufficient logging of execution context changes)
📊 CVSS Score
6.5 / 10.0 — Medium
📊 CVSS Vector
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:H
Attack Vector: L (Local)
Attack Complexity: H (High)
Privileges Required: L (Low)
User Interaction: N (None)
Scope: U (Unchanged)
Confidentiality: L (Low)
Integrity: H (High)
Availability: H (High)
📋 Quick Facts
Severity: Medium
CVSS Score: 6.5
CWE: CWE-367
Exploit: No
Patch: No
Published: 2026-03-21
Source Feed: nvd
🇸🇦 Saudi Risk Score
7.2 / 10.0 — Saudi Risk
Priority: HIGH
🏷️ Tags
CWE-367