GHSA-G55J-C2V4-PJCG

Vulnerability from github – Published: 2026-02-04 20:06 – Updated: 2026-02-06 21:43
Summary
OpenClaw vulnerable to Unauthenticated Local RCE via WebSocket config.apply
Details

Summary

An unauthenticated local client could use the Gateway WebSocket API to write config via config.apply and set unsafe cliPath values that were later used for command discovery, enabling command injection as the gateway user.

Impact

A local process on the same machine could execute arbitrary commands as the gateway process user.

Details

  • config.apply accepted raw JSON and wrote it to disk after schema validation.
  • cliPath values were not constrained to safe executable names/paths.
  • Command discovery used a shell invocation when resolving executables.

Mitigation

Upgrade to a patched release. If projects cannot upgrade immediately, set gateway.auth and avoid custom cliPath values.


{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "openclaw"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2026.1.20"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-25593"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-20",
      "CWE-306",
      "CWE-78"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-02-04T20:06:46Z",
    "nvd_published_at": "2026-02-06T21:16:17Z",
    "severity": "HIGH"
  },
  "details": "### Summary\n\nAn unauthenticated local client could use the Gateway WebSocket API to write config via `config.apply` and set unsafe `cliPath` values that were later used for command discovery, enabling command injection as the gateway user.\n\n### Impact\n\nA local process on the same machine could execute arbitrary commands as the gateway process user.\n\n### Details\n\n- `config.apply` accepted raw JSON and wrote it to disk after schema validation.\n- `cliPath` values were not constrained to safe executable names/paths.\n- Command discovery used a shell invocation when resolving executables.\n\n### Mitigation\n\nUpgrade to a patched release. If projects cannot upgrade immediately, set `gateway.auth` and avoid custom `cliPath` values.",
  "id": "GHSA-g55j-c2v4-pjcg",
  "modified": "2026-02-06T21:43:41Z",
  "published": "2026-02-04T20:06:46Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-g55j-c2v4-pjcg"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25593"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/openclaw/openclaw"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "OpenClaw vulnerable to Unauthenticated Local RCE via WebSocket config.apply"
}

