OpenClaw before 2026.3.22 contains an allowlist bypass vulnerability in system.run approvals that fails to unwrap /usr/bin/time wrappers. Attackers can bypass executable binding restrictions by using an unregistered time wrapper to reuse approval state for inner commands.
Exploitability
AV:NAC:LAT:PPR:LUI:NVulnerable System
VC:HVI:HVA:HSubsequent System
SC:NSI:NSA:N7.7/CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:NOther