CVE-2026-25593

OpenClaw is a personal AI assistant. Prior to 2026.1.20, an unauthenticated local client could use the Gateway WebSocket API to write config via config.apply and set unsafe cliPath values that were later used for command discovery, enabling command injection as the gateway user. This vulnerability is fixed in 2026.1.20.

CVSS v3 8.4 HIGH

8.4^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.5 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://github.com/openclaw/openclaw/security/advisories/GHSA-g55j-c2v4-pjcg	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*

History

No history.

Information

Published : 2026-02-06 21:16

Updated : 2026-02-13 14:44

NVD link : CVE-2026-25593

Mitre link : CVE-2026-25593

CVE.ORG link : CVE-2026-25593

JSON object : View

Products Affected

openclaw

openclaw

CWE

CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CWE-306

Missing Authentication for Critical Function

{"id": "CVE-2026-25593", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.4, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.5}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.4, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.5}]}, "published": "2026-02-06T21:16:17.790", "references": [{"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-g55j-c2v4-pjcg", "tags": ["Vendor Advisory"], "source": "security-advisories@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-78"}, {"lang": "en", "value": "CWE-306"}]}], "descriptions": [{"lang": "en", "value": "OpenClaw is a personal AI assistant. Prior to 2026.1.20, an unauthenticated local client could use the Gateway WebSocket API to write config via config.apply and set unsafe cliPath values that were later used for command discovery, enabling command injection as the gateway user. This vulnerability is fixed in 2026.1.20."}, {"lang": "es", "value": "OpenClaw es un asistente personal de IA. Antes de la versi\u00f3n 2026.1.20, un cliente local no autenticado pod\u00eda usar la API WebSocket de Gateway para escribir la configuraci\u00f3n a trav\u00e9s de config.apply y establecer valores inseguros de cliPath que luego se usaban para el descubrimiento de comandos, lo que permit\u00eda la inyecci\u00f3n de comandos como el usuario de gateway. Esta vulnerabilidad est\u00e1 corregida en la versi\u00f3n 2026.1.20."}], "lastModified": "2026-02-13T14:44:08.340", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*", "vulnerable": true, "matchCriteriaId": "E5B8DFA8-AEDD-4BC1-A7FD-CE3673D8EDDE", "versionEndExcluding": "2026.1.20"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}