GHSA-42MX-VP8M-J7QH

Vulnerability from github – Published: 2026-04-07 18:11 – Updated: 2026-04-07 18:11
VLAI?
Summary
OpenClaw: OpenShell `mirror` mode can convert untrusted sandbox files into explicitly enabled workspace hooks and execute them on the host during gateway startup
Details

Summary

OpenShell mirror mode can convert untrusted sandbox files into explicitly enabled workspace hooks and execute them on the host during gateway startup

Current Maintainer Triage

  • Status: narrow
  • Normalized severity: medium
  • Assessment: Real on shipped <=2026.3.22 OpenShell mirror sync, but exploit needs mirror mode plus hooks enabled plus explicit hook opt-in plus restart, so high is overstated even though the direct fix shipped in v2026.3.28.

Affected Packages / Versions

  • Package: openclaw (npm)
  • Latest published npm version: 2026.3.31
  • Vulnerable version range: <=2026.3.24
  • Patched versions: >= 2026.3.28
  • First stable tag containing the fix: v2026.3.28

Fix Commit(s)

  • c02ee8a3a4cb390b23afdf21317aa8b2096854d1 — 2026-03-25T19:59:07Z

Release Process Note

  • The fix is already present in released version 2026.3.28.
  • This draft looks ready for final maintainer disposition or publication, not additional code-fix work.

Thanks @tdjackey for reporting.

Severity ?
6.3 (Medium)
CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
Show details on source website
To clipboard 

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 2026.3.24"
      },
      "package": {
        "ecosystem": "npm",
        "name": "openclaw"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2026.3.28"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [],
  "database_specific": {
    "cwe_ids": [
      "CWE-829"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-04-07T18:11:21Z",
    "nvd_published_at": null,
    "severity": "MODERATE"
  },
  "details": "## Summary\nOpenShell `mirror` mode can convert untrusted sandbox files into explicitly enabled workspace hooks and execute them on the host during gateway startup\n\n## Current Maintainer Triage\n- Status: narrow\n- Normalized severity: medium\n- Assessment: Real on shipped \u003c=2026.3.22 OpenShell mirror sync, but exploit needs mirror mode plus hooks enabled plus explicit hook opt-in plus restart, so high is overstated even though the direct fix shipped in v2026.3.28.\n\n## Affected Packages / Versions\n- Package: `openclaw` (npm)\n- Latest published npm version: `2026.3.31`\n- Vulnerable version range: `\u003c=2026.3.24`\n- Patched versions: `\u003e= 2026.3.28`\n- First stable tag containing the fix: `v2026.3.28`\n\n## Fix Commit(s)\n- `c02ee8a3a4cb390b23afdf21317aa8b2096854d1` \u2014 2026-03-25T19:59:07Z\n\n## Release Process Note\n- The fix is already present in released version `2026.3.28`.\n- This draft looks ready for final maintainer disposition or publication, not additional code-fix work.\n\nThanks @tdjackey for reporting.",
  "id": "GHSA-42mx-vp8m-j7qh",
  "modified": "2026-04-07T18:11:21Z",
  "published": "2026-04-07T18:11:21Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-42mx-vp8m-j7qh"
    },
    {
      "type": "WEB",
      "url": "https://github.com/openclaw/openclaw/commit/c02ee8a3a4cb390b23afdf21317aa8b2096854d1"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/openclaw/openclaw"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "OpenClaw: OpenShell `mirror` mode can convert untrusted sandbox files into explicitly enabled workspace hooks and execute them on the host during gateway startup"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.