CVE-2026-27183
OpenClaw: system.run wrapper-depth boundary could skip shell approval gating
Description
OpenClaw's `system.run` dispatch-wrapper handling applied different depth-boundary rules to shell-wrapper approval detection and execution planning. With exactly four transparent dispatch wrappers such as repeated `env` invocations before `/bin/sh -c`, the approval classifier could stop treating the command as a shell wrapper at the depth boundary while execution planning still unwrapped through to the shell payload. In `security=allowlist` mode, that mismatch could skip the expected approval-required path for the shell wrapper invocation. Latest published npm version: `2026.3.2` Fixed on `main` on March 7, 2026 in `2fc95a7cfc1eb9306356510b0251b6d51fb1c0b0` by keeping shell-wrapper classification active at the configured dispatch depth boundary and only failing closed beyond that boundary. This aligns approval gating with the execution plan. Legitimate shallow dispatch-wrapper usage continues to work. ## Affected Packages / Versions - Package: `openclaw` (npm) - Affected versions: `<= 2026.3.2` - Patched version: `>= 2026.3.7` ## Fix Commit(s) - `2fc95a7cfc1eb9306356510b0251b6d51fb1c0b0` ## Release Process Note npm `2026.3.7` was published on March 8, 2026. This advisory is fixed in the released package. Thanks @tdjackey for reporting.
How to fix CVE-2026-27183
To remediate CVE-2026-27183, upgrade the affected package to a fixed version below.
- —upgrade to 2026.3.7 or later
Is CVE-2026-27183 being exploited?
Low — EPSS is 0.0%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 2026.3.7