![[openclaw] OpenClaw Vulnerable to Remote Code Execution via Node Invoke Approval Bypass in Gateway](/assets/images/github_com_1772501087753.png)
Security Advisories์ถ์ฒ: GitHub Security Advisories์กฐํ์ 1
[openclaw] OpenClaw Vulnerable to Remote Code Execution via Node Invoke Approval Bypass in Gateway
By GitHub2026๋
3์ 3์ผ
**[openclaw] OpenClaw Vulnerable to Remote Code Execution via Node Invoke Approval Bypass in Gateway**
Summary A remote code execution (RCE) vulnerability in the gateway-to-node invocation path allowed an authenticated gateway client to bypass node-host exec approvals by injecting internal control fields into node.invoke parameters. Affected Component Gateway method: node.invoke for node command system.run Node host runner: exec approval gating for system.run Impact If an attacker can authenticate to a gateway (for example via a leaked/shared gateway token or a paired device token with operator.write), they could execute arbitrary commands on connected node hosts that support system.run. This can lead to full compromise of developer workstations, CI runners, and servers running the node host. Technical Details The gateway forwarded user-controlled params to node hosts without sanitizing internal approval fields. The node host treated params.approved === true and/or params.approvalDecision as sufficient to skip the approval workflow...
---
**[devsupporter ํด์ค]**
์ด ๊ธฐ์ฌ๋ GitHub Security Advisories์์ ์ ๊ณตํ๋ ์ต์ ๊ฐ๋ฐ ๋ํฅ์ ๋๋ค. ๊ด๋ จ ๋๊ตฌ๋ ๊ธฐ์ ์ ๋ํด ๋ ์์๋ณด์๋ ค๋ฉด ์๋ณธ ๋งํฌ๋ฅผ ์ฐธ๊ณ ํ์ธ์.
Summary A remote code execution (RCE) vulnerability in the gateway-to-node invocation path allowed an authenticated gateway client to bypass node-host exec approvals by injecting internal control fields into node.invoke parameters. Affected Component Gateway method: node.invoke for node command system.run Node host runner: exec approval gating for system.run Impact If an attacker can authenticate to a gateway (for example via a leaked/shared gateway token or a paired device token with operator.write), they could execute arbitrary commands on connected node hosts that support system.run. This can lead to full compromise of developer workstations, CI runners, and servers running the node host. Technical Details The gateway forwarded user-controlled params to node hosts without sanitizing internal approval fields. The node host treated params.approved === true and/or params.approvalDecision as sufficient to skip the approval workflow...
---
**[devsupporter ํด์ค]**
์ด ๊ธฐ์ฌ๋ GitHub Security Advisories์์ ์ ๊ณตํ๋ ์ต์ ๊ฐ๋ฐ ๋ํฅ์ ๋๋ค. ๊ด๋ จ ๋๊ตฌ๋ ๊ธฐ์ ์ ๋ํด ๋ ์์๋ณด์๋ ค๋ฉด ์๋ณธ ๋งํฌ๋ฅผ ์ฐธ๊ณ ํ์ธ์.