Security Advisories. Source: GitHub Security Advisories

[openclaw] OpenClaw: Node system.run approval bypass via parent-symlink cwd rebind

By GitHub
March 3, 2026

**Summary**

For `host=node` executions, the approval context could be bypassed after approval time by rebinding a writable parent symlink in the cwd while preserving the visible cwd string.

**Affected Packages / Versions**

- Package: openclaw (npm)
- Affected: <= 2026.2.25
- Fixed: >= 2026.2.26 (planned next npm release)

**Impact**

A command approved for one filesystem location could execute from a different location if a mutable parent symlink changed between approval and execution.

**Fix**

Added immutable approval-time plan preparation (system.run.prepare) and systemRunPlanV2 canonical fields (argv, cwd, agentId, sessionKey). Enforced canonical plan values through approval request storage and forwarding-time sanitization. Rejected mutable parent-symlink path components during approval-plan building to block the symlink rebind bypass...

---

**[devsupporter commentary]**

This article is the latest development news provided by GitHub Security Advisories. To learn more about the related tools or technologies, refer to the original link.