{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/tags/integrity-compromise/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[],"_cs_exploited":true,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["npm/openclaw (\u003c 2026.5.18)"],"_cs_severities":["high"],"_cs_tags":["command-injection","approval-bypass","integrity-compromise","application"],"_cs_type":"threat","_cs_vendors":["OpenClaw"],"content_html":"\u003cp\u003eA high-severity vulnerability has been identified in the OpenClaw application, specifically affecting its exec approval display in versions prior to \u003ccode\u003e2026.5.18\u003c/code\u003e. This flaw allows for the truncation of commands presented to an approver within the user interface, while the full command, including any hidden suffixes, is retained for execution. An authenticated attacker can exploit this by submitting a crafted, oversized command where a benign prefix is visible in the UI, but a malicious suffix containing additional shell operations remains hidden. Upon approval, the complete, malicious command is executed. This issue fundamentally undermines the integrity of the approval process by misrepresenting the actual command to be run. While it does not grant unauthenticated access or alter OpenClaw's local-first trust model, it poses a significant risk in deployments where exec approval is enabled, allowing an attacker to effectively bypass human review for potentially dangerous commands.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn authenticated attacker crafts a malicious command that is intentionally long, containing a benign-looking prefix and a hidden, malicious suffix with additional shell operations (e.g., \u003ccode\u003eecho \u0026quot;legit_cmd_output\u0026quot;; malicious_command_here\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003eThe attacker initiates a pending host exec request within OpenClaw, submitting this crafted, oversized command.\u003c/li\u003e\n\u003cli\u003eWhen the command is presented to an approver in the OpenClaw UI, the display truncation vulnerability causes only the benign prefix of the command to be visible.\u003c/li\u003e\n\u003cli\u003eThe approver, unaware of the hidden malicious suffix, reviews the truncated command and proceeds to authorize its execution.\u003c/li\u003e\n\u003cli\u003eUpon successful approval, the OpenClaw system executes the \u003cem\u003efull\u003c/em\u003e original command, including the hidden malicious suffix, on the target host.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003emalicious_command_here\u003c/code\u003e from the hidden suffix executes with the privileges of the OpenClaw agent on the target system, potentially leading to unauthorized actions such as data exfiltration, system modification, or further compromise.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eThe core impact of this vulnerability is a critical failure in the integrity of OpenClaw's exec approval mechanism. An approver, relying on the displayed command, could unknowingly authorize the execution of arbitrary and potentially malicious shell commands on a target system. This effectively bypasses a crucial security control designed to prevent unauthorized or unintended actions. While the advisory does not specify observed exploitation in the wild or provide victim counts, any organization utilizing OpenClaw with exec approval enabled and not running a patched version is vulnerable. The potential damage could range from data manipulation and service disruption to complete system compromise, depending on the nature of the hidden malicious command and the privileges granted to OpenClaw.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade to \u003ccode\u003eopenclaw@2026.5.18\u003c/code\u003e or later immediately to apply the patch for this vulnerability.\u003c/li\u003e\n\u003cli\u003ePrior to upgrading any systems running OpenClaw versions \u003ccode\u003e\u0026lt; 2026.5.18\u003c/code\u003e, refrain from approving unusually long exec commands to mitigate potential exploitation.\u003c/li\u003e\n\u003cli\u003eEnsure that OpenClaw exec approval capabilities are strictly limited to highly trusted operators who are aware of the truncation vulnerability.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-07-03T12:20:49Z","date_published":"2026-07-03T12:20:49Z","id":"https://feed.craftedsignal.io/briefs/2026-07-openclaw-truncation-vulnerability/","summary":"A high-severity vulnerability in OpenClaw's exec approval feature (versions prior to 2026.5.18) allows an authenticated attacker to bypass approval integrity by crafting a long command that appears benign in the truncated UI but contains a malicious suffix, leading to unauthorized command execution.","title":"OpenClaw Exec Approval Truncation Vulnerability","url":"https://feed.craftedsignal.io/briefs/2026-07-openclaw-truncation-vulnerability/"}],"language":"en","title":"CraftedSignal Threat Feed - Integrity-Compromise","version":"https://jsonfeed.org/version/1.1"}