GHSA-HWPQ-RRPF-PGCQ: GHSA-HWPQ-RRPF-PGCQ: Execution Approval Bypass in OpenClaw system.run

GHSA-HWPQ-RRPF-PGCQ: Execution Approval Bypass in OpenClaw system.run Vulnerability ID: GHSA-HWPQ-RRPF-PGCQ CVSS Score: 7.2 Published: 2026-03-02 A critical vulnerability in the OpenClaw AI assistant allows attackers to bypass execution approval mechanisms. Due to a discrepancy between how commands are displayed to the user and how they are executed by the system, an attacker can trick a user into approving a malicious binary execution under the guise of a benign command. This issue affects the system.run tool and allows for arbitrary code execution if the attacker can influence the AI agent's tool calls. TL;DR OpenClaw versions before 2026.2.25 contain a UI spoofing vulnerability in the system.run approval flow. Attackers can execute binaries with trailing whitespace in their names while displaying a clean, benign command to the user for approval. ⚠️ Exploit Status: POC Technical Details CWE ID : CWE-290 Attack Vector : Network (Agent Instruction) CVSS : 7.2 (High) Impact : Arbitrary