Security Advisories. Source: GitHub Security Advisories
[openclaw] OpenClaw Node system.run approval context-binding weakness in approval-enabled host=node flows
By GitHub, March 3, 2026
**Summary**

In approval-enabled host=node workflows, system.run approvals did not always carry a strict, versioned execution-context binding. In uncommon setups that rely on these approvals as an integrity guardrail, a previously approved request could be reused with changed env input.

**Affected Packages / Versions**

- Package: npm openclaw
- Latest published npm version at triage: 2026.2.25
- Affected range: <= 2026.2.25
- Planned fixed version (next npm release): 2026.2.26

**Preconditions / Typical Exposure**

This requires all of the following:

- system.run usage through host=node
- Exec approvals enabled and used as an execution-integrity control
- Access to an approval id in the same context

Most default single-operator local setups do not rely on this path, so practical exposure is typically lower.

**Details**

Approval matching now uses a required versioned binding (systemRunBindingV1) over command argv, cwd, agent/session context, and env hash. The fix: Requires commandArgv when requesting host=node approvals...
---
**[devsupporter commentary]**
This article is the latest development news provided by GitHub Security Advisories. To learn more about the related tools or technology, refer to the original link.
![[openclaw] OpenClaw Node system.run approval context-binding weakness in approval-enabled host=node flows](/assets/images/github_com_1772501098025.png)