VDB
HIGH 7.2

GHSA-3c6j-hq33-3jv4

OpenClaw: Paired nodes could forge exec lifecycle events without system.run provenance

Details

### Summary

OpenClaw nodes send lifecycle events back to the gateway. In affected releases, a paired node could send an exec lifecycle event that was accepted without enough provenance tying it to an authorized `system.run` request.

This issue affects the node event boundary. It does not allow an unauthenticated caller to reach the gateway; the attacker must already control a paired node connection.

### Affected configurations

This affects deployments with a paired node where that node can send crafted `node.event` messages to the gateway and the target agent/session can process exec lifecycle events.

### Impact

A malicious or compromised paired node could make the gateway treat attacker-supplied event data as an exec lifecycle result. In the vulnerable flow, that could steer the target session into an exec-event path that exposed capabilities the reduced node surface should not have provided.

The issue is a missing provenance check for node-originated lifecycle events.
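The following is an added illustration of the kind of provenance check described above, not OpenClaw's own code: the gateway records every `system.run` it authorizes, then accepts an exec lifecycle event only if it names an outstanding run issued to the very node that sent it, taking the target session from its own record rather than from the event. The message field names (`runId`, `nodeId`, `sessionId`, `phase`) and the `exec.lifecycle` type are assumptions made for the example.

```javascript
// Illustrative gateway-side provenance check (added example; field names are assumed).
let nextRun = 0; // a production gateway would issue unguessable run ids instead

class ExecRunRegistry {
  constructor() { this.runs = new Map(); } // runId -> {nodeId, sessionId, done}

  // Record that the gateway authorized a system.run for this node/session pair.
  dispatch(nodeId, sessionId) {
    const runId = `run-${++nextRun}`;
    this.runs.set(runId, { nodeId, sessionId, done: false });
    return runId;
  }

  // Vulnerable flow, for contrast: whatever run/session the node claims is trusted.
  acceptLifecycleUnchecked(nodeId, event) {
    return { accepted: true, sessionId: event.sessionId, runId: event.runId };
  }

  // Hardened flow: the event must reference a run the gateway itself handed to this
  // node and that has not already completed; the session comes from the registry.
  acceptLifecycle(nodeId, event) {
    if (event.type !== "exec.lifecycle" || typeof event.runId !== "string") {
      return { accepted: false, reason: "malformed" };
    }
    const run = this.runs.get(event.runId);
    if (!run) return { accepted: false, reason: "unknown-run" };
    if (run.nodeId !== nodeId) return { accepted: false, reason: "node-mismatch" };
    if (run.done) return { accepted: false, reason: "already-finished" };
    // Keep the finished record (evict on a timer in practice) so duplicates are rejected.
    if (event.phase === "exit") run.done = true;
    return { accepted: true, sessionId: run.sessionId, runId: event.runId };
  }
}

// Constructed sample traffic: one authorized run, one event naming a run that was never issued.
function demo() {
  const reg = new ExecRunRegistry();
  const runId = reg.dispatch("node-A", "session-1");
  const forged = { type: "exec.lifecycle", runId: "not-issued", sessionId: "session-1", phase: "exit", exitCode: 0 };
  const legit = { type: "exec.lifecycle", runId, phase: "exit", exitCode: 0 };
  return {
    uncheckedForged: reg.acceptLifecycleUnchecked("node-A", forged).accepted, // true: no provenance
    checkedForged: reg.acceptLifecycle("node-A", forged).reason,              // "unknown-run"
    wrongNode: reg.acceptLifecycle("node-B", legit).reason,                   // "node-mismatch"
    legit: reg.acceptLifecycle("node-A", legit).accepted,                     // true
    replay: reg.acceptLifecycle("node-A", legit).reason,                      // "already-finished"
  };
}
```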

### Patched Versions

The first stable patched version is `2026.5.18`.

### Mitigations

Upgrade to `openclaw@2026.5.18` or later. Pair nodes only from trusted environments, and remove/re-pair nodes that may have been compromised.


Affected packages

| Ecosystem | Package | Introduced in | Fixed in |
|---|---|---|---|
| npm | openclaw | 0 | 2026.5.18 |

Fix: `npm install openclaw@2026.5.18`
