CVE-2026-32058
OpenClaw Node system.run approval context-binding weakness in approval-enabled host=node flows
Description
### Summary In approval-enabled `host=node` workflows, `system.run` approvals did not always carry a strict, versioned execution-context binding. In uncommon setups that rely on these approvals as an integrity guardrail, a previously approved request could be reused with changed env input. ### Affected Packages / Versions - Package: npm `openclaw` - Latest published npm version at triage: `2026.2.25` - Affected range: `<= 2026.2.25` - Planned fixed version (next npm release): `2026.2.26` ### Preconditions / Typical Exposure This requires all of the following: - `system.run` usage through `host=node` - Exec approvals enabled and used as an execution-integrity control - Access to an approval id in the same context Most default single-operator local setups do not rely on this path, so practical exposure is typically lower. ### Details Approval matching now uses a required versioned binding (`systemRunBindingV1`) over command argv, cwd, agent/session context, and env hash. The fix: - Requires `commandArgv` when requesting `host=node` approvals. - Requires `systemRunBindingV1` when consuming approvals for node `system.run`. - Removes legacy non-versioned fallback matching and fails closed on missing/mismatched bindings. - Keeps env mismatch handling explicit and blocks `GIT_EXTERNAL_DIFF` in host env policy. - Adds/updates regression and contract coverage for mismatch mapping and binding rules. ### Impact Configuration-dependent approval-integrity weakness in node-host exec approval flows. Severity remains `medium` because exploitation depends on this specific approval mode and context. ### Fix Commit(s) - `10481097f8e6dd0346db9be0b5f27570e1bdfcfa` ### Release Process Note `patched_versions` is pre-set to the planned next release (`2026.2.26`) so once npm release `2026.2.26` is published, the advisory can be published without further metadata edits. OpenClaw thanks @tdjackey for reporting.
How to fix CVE-2026-32058
To remediate CVE-2026-32058, upgrade the affected package to a fixed version below.
- —upgrade to 2026.2.26 or later
Is CVE-2026-32058 being exploited?
Low — EPSS is 0.0%, meaning exploitation activity has not been observed at scale.