{"id":"GHSA-r6qf-8968-wj9q","summary":"OpenClaw: system.run wrapper-depth boundary could skip shell approval gating","details":"OpenClaw's `system.run` dispatch-wrapper handling applied different depth-boundary rules to shell-wrapper approval detection and execution planning.\n\nWith exactly four transparent dispatch wrappers such as repeated `env` invocations before `/bin/sh -c`, the approval classifier could stop treating the command as a shell wrapper at the depth boundary while execution planning still unwrapped through to the shell payload. In `security=allowlist` mode, that mismatch could skip the expected approval-required path for the shell wrapper invocation.\n\nLatest published npm version: `2026.3.2`\n\nFixed on `main` on March 7, 2026 in `2fc95a7cfc1eb9306356510b0251b6d51fb1c0b0` by keeping shell-wrapper classification active at the configured dispatch depth boundary and only failing closed beyond that boundary. This aligns approval gating with the execution plan. Legitimate shallow dispatch-wrapper usage continues to work.\n\n## Affected Packages / Versions\n\n- Package: `openclaw` (npm)\n- Affected versions: `\u003c= 2026.3.2`\n- Patched version: `\u003e= 2026.3.7`\n\n## Fix Commit(s)\n\n- `2fc95a7cfc1eb9306356510b0251b6d51fb1c0b0`\n\n## Release Process Note\n\nnpm `2026.3.7` was published on March 8, 2026. This advisory is fixed in the released package.\n\nThanks @tdjackey for reporting.","aliases":["CVE-2026-27183"],"modified":"2026-03-30T13:49:45.239291Z","published":"2026-03-09T19:54:25Z","database_specific":{"github_reviewed":true,"github_reviewed_at":"2026-03-09T19:54:25Z","nvd_published_at":"2026-03-23T22:16:25Z","cwe_ids":["CWE-436","CWE-863"],"severity":"LOW"},"references":[{"type":"WEB","url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-r6qf-8968-wj9q"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-27183"},{"type":"WEB","url":"https://github.com/openclaw/openclaw/commit/2fc95a7cfc1eb9306356510b0251b6d51fb1c0b0"},{"type":"PACKAGE","url":"https://github.com/openclaw/openclaw"},{"type":"WEB","url":"https://github.com/openclaw/openclaw/releases/tag/v2026.3.7"},{"type":"WEB","url":"https://vulncheck.com/advisories/openclaw-mar-shell-approval-gating-bypass-via-dispatch-wrapper-depth-mismatch"}],"affected":[{"package":{"name":"openclaw","ecosystem":"npm","purl":"pkg:npm/openclaw"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"fixed":"2026.3.7"}]}],"database_specific":{"source":"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/03/GHSA-r6qf-8968-wj9q/GHSA-r6qf-8968-wj9q.json","last_known_affected_version_range":"\u003c= 2026.3.2"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"type":"CVSS_V4","score":"CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"}]}