Описание
OpenClaw vulnerable to Unauthenticated Local RCE via WebSocket config.apply
Summary
An unauthenticated local client could use the Gateway WebSocket API to write config via config.apply and set unsafe cliPath values that were later used for command discovery, enabling command injection as the gateway user.
Impact
A local process on the same machine could execute arbitrary commands as the gateway process user.
Details
config.applyaccepted raw JSON and wrote it to disk after schema validation.cliPathvalues were not constrained to safe executable names/paths.- Command discovery used a shell invocation when resolving executables.
Mitigation
Upgrade to a patched release. If projects cannot upgrade immediately, set gateway.auth and avoid custom cliPath values.
Пакеты
Наименование
openclaw
npm
Затронутые версииВерсия исправления
< 2026.1.20
2026.1.20