GHSA-3c6j-hq33-3jv4
OpenClaw: Paired nodes could forge exec lifecycle events without system.run provenance
Details
### Summary
OpenClaw nodes send lifecycle events back to the gateway. In affected releases, a paired node could send an exec lifecycle event that was accepted without enough provenance tying it to an authorized `system.run` request.
This issue affects the node event boundary. It does not allow an unauthenticated caller to reach the gateway; the attacker must already control a paired node connection.
### Affected configurations
This affects deployments with a paired node where that node can send crafted `node.event` messages to the gateway and the target agent/session can process exec lifecycle events.
### Impact
A malicious or compromised paired node could make the gateway treat attacker-supplied event data as an exec lifecycle result. In the vulnerable flow, that could steer the target session into an exec-event path that exposed capabilities the reduced node surface should not have provided.
The issue is a missing provenance check for node-originated lifecycle events.
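The shape of the missing check, as an added illustration that is not OpenClaw's code: the gateway records each `system.run` it issues to a node and accepts a node-originated exec lifecycle event only when its run id was issued to that node for that session. Names such as `ExecEventGate`, `issueRun` and the event fields are assumptions, not the project's API.

```typescript
// Added example (hypothetical names, not OpenClaw's implementation).
type ExecPhase = "started" | "stdout" | "exited";

// Constructed shape of an exec lifecycle event carried in a node.event message.
interface ExecLifecycleEvent {
  runId: string;
  phase: ExecPhase;
  sessionKey: string; // target agent/session the event is routed to
  data?: string;
}

interface PendingRun {
  nodeId: string;
  sessionKey: string;
}

// Vulnerable flow: any paired node's event is treated as an exec lifecycle
// result, with no tie back to a system.run request the gateway actually made.
function acceptExecEventUnchecked(_nodeId: string, _ev: ExecLifecycleEvent): boolean {
  return true;
}

// Hardened flow: provenance is recorded when system.run is issued and
// verified on every lifecycle event the node sends back.
class ExecEventGate {
  private pending = new Map<string, PendingRun>();

  // Called by the gateway when it dispatches system.run to a node.
  issueRun(runId: string, nodeId: string, sessionKey: string): void {
    this.pending.set(runId, { nodeId, sessionKey });
  }

  // Returns true only if runId was issued to this node for this session.
  // The record is consumed on "exited", so a completed run cannot be replayed.
  accept(nodeId: string, ev: ExecLifecycleEvent): boolean {
    const run = this.pending.get(ev.runId);
    if (!run) return false;                             // no matching system.run
    if (run.nodeId !== nodeId) return false;            // issued to another node
    if (run.sessionKey !== ev.sessionKey) return false; // wrong target session
    if (ev.phase === "exited") this.pending.delete(ev.runId);
    return true;
  }
}
```

Rejected events should be logged with the sending node id, since a paired node emitting lifecycle events for runs it was never given is itself a useful detection signal.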
### Patched Versions
The first stable patched version is `2026.5.18`.
### Mitigations
Upgrade to `openclaw@2026.5.18` or later. Pair nodes only from trusted environments, and remove/re-pair nodes that may have been compromised.