CVE-2026-35666
Published: 10 April 2026
Summary
CVE-2026-35666 is a high-severity Use of Incorrectly-Resolved Name or Reference (CWE-706) vulnerability in Openclaw Openclaw. Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Indirect Command Execution (T1202); ranked at the 15.9th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 AC-25 (Reference Monitor) and AC-3 (Access Enforcement).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Implements a reference monitor that mediates all access to executables with complete mediation and tamper resistance, preventing bypasses via unregistered wrappers like /usr/bin/time in OpenClaw's system.run approvals.
Enforces deny-all/permit-by-exception policy for software execution via allowlist, blocking unauthorized inner commands despite the approval mechanism bypass in OpenClaw.
Requires enforcement of approved authorizations for access to system resources like executables, directly countering the failure to unwrap and validate wrappers in system.run allowlist checks.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Vulnerability enables bypass of executable allowlist via /usr/bin/time wrapper for unauthorized command execution (T1202 indirect execution and T1059.004 Unix Shell), exploited by low-priv users for high-impact effects (T1068).
NVD Description
OpenClaw before 2026.3.22 contains an allowlist bypass vulnerability in system.run approvals that fails to unwrap /usr/bin/time wrappers. Attackers can bypass executable binding restrictions by using an unregistered time wrapper to reuse approval state for inner commands.
Deeper analysisAI
CVE-2026-35666 is an allowlist bypass vulnerability (CWE-706) in the system.run approvals of OpenClaw versions prior to 2026.3.22. The flaw occurs because the approval mechanism fails to properly unwrap wrappers around /usr/bin/time, allowing attackers to exploit an unregistered time wrapper. This enables reuse of prior approval states for inner commands, circumventing executable binding restrictions. The vulnerability carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) and was published on 2026-04-10.
Low-privileged users (PR:L) can exploit this vulnerability remotely over the network (AV:N) with low complexity and no user interaction required. By leveraging the /usr/bin/time wrapper, attackers bypass allowlist restrictions to execute unauthorized inner commands, potentially achieving high confidentiality, integrity, and availability impacts on the affected system.
Mitigation involves upgrading to OpenClaw 2026.3.22 or later, as detailed in the project's security advisory (GHSA-qm9x-v7cx-7rq4) and related commits (39409b6a6dd4239deea682e626bac9ba547bfb14 and 630f1479c44f78484dfa21bb407cbe6f171dac87). Additional analysis is available from VulnCheck's advisory on the allowlist bypass via unregistered time dispatch wrapper.
Details
- CWE(s)