CVE 8.7 HIGH

OpenClaw 2026.2.23 < 2026.4.12 - Weakened Exec Approval Binding via busybox and toybox Applet Execution_CVE-2026-43530

May 5, 2026 invoker category_cve

8.7 / 10

HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Description

OpenClaw versions 2026.2.23 before 2026.4.12 contain a weakened exec approval binding vulnerability in busybox and toybox applet execution that allows attackers to obscure which applet would actually run. Attackers can exploit opaque multi-call binaries to bypass exec approval mechanisms and weaken risk classification of unsafe applet invocations.

AI Analysis

Weakened exec approval binding vulnerability in busybox and toybox applet execution

Basic Information

ID CVE-2026-43530

Source VulnCheck

Published May 5, 2026 at 11:25

Affected Product

Vendor OpenClaw

Product OpenClaw

Version 2026.2.23

Affected Versions OpenClaw OpenClaw 2026.2.23

CWE Classification

CWE-863

AI Assessment

AI Score 8.7 / 10

AI Severity High

Vendor OpenClaw

Product OpenClaw

Version 2026.2.23

References

{
    "lastseen": "",
    "description": "OpenClaw versions 2026.2.23 before 2026.4.12 contain a weakened exec approval binding vulnerability in busybox and toybox applet execution that allows attackers to obscure which applet would actually run. Attackers can exploit opaque multi-call binaries to bypass exec approval mechanisms and weaken risk classification of unsafe applet invocations.",
    "published": "2026-05-05T11:25:01.066Z",
    "modified": "2026-05-05T11:25:01.066Z",
    "type": "cve",
    "title": "OpenClaw 2026.2.23 < 2026.4.12 - Weakened Exec Approval Binding via busybox and toybox Applet Execution",
    "source": "VulnCheck",
    "references": "https://github.com/openclaw/openclaw/security/advisories/GHSA-2cq5-mf3v-mx44\nhttps://github.com/openclaw/openclaw/commit/666f48d9b882a8a1415ca53f9567c72499d850c9\nhttps://www.vulncheck.com/advisories/openclaw-weakened-exec-approval-binding-via-busybox-and-toybox-applet-execution",
    "id": "CVE-2026-43530",
    "bulletinFamily": "",
    "cwe": [
        "CWE-863"
    ],
    "cvelist": null,
    "sourceData": "OpenClaw OpenClaw 2026.2.23",
    "sourceHref": "",
    "cvss": {
        "score": 8.7,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "OpenClaw",
    "version": "2026.2.23",
    "vendor": "OpenClaw",
    "ai_description": "Weakened exec approval binding vulnerability in busybox and toybox applet execution",
    "ai_severity": "High",
    "ai_vendor": "OpenClaw",
    "ai_product": "OpenClaw",
    "ai_version": "2026.2.23",
    "ai_score": 8.7
}

💭 Join the Security Discussion ❌ Cancel Reply