OpenClaw
system.run env override RCE — allowlist bypass via GIT_SSH_COMMAND, editor hooks, GIT_CONFIG_*
GHSA-j425-whc4-4jgc: system.run env override RCE — allowlist bypass via GIT_SSH_COMMAND, editor hooks, GIT_CONFIG_*. CVSS 6.3, Medium severity. Reported and coordinated through the GitHub Security Advisory database.
This advisory is part of coordinated disclosures alongside 74 published CVEs and 5 Linux kernel patches. For methodology see research.
GHSA-j425-whc4-4jgc is a command-injection / allowlist-bypass advisory affecting OpenClaw's system.run primitive. By controlling well-known environment variables (GIT_SSH_COMMAND, EDITOR hooks, GIT_CONFIG_*), an attacker can cause an allowlisted binary to execute attacker-controlled commands, defeating the allowlist.
You are affected if you embed OpenClaw, rely on its system.run allowlist as a security boundary, and let an untrusted party control the environment passed to the processes it launches.
Upgrade to the patched OpenClaw release. As mitigation, strip or pin the environment passed to system.run-invoked binaries — explicitly unset GIT_SSH_COMMAND, GIT_CONFIG_*, GIT_EDITOR, VISUAL, EDITOR and any other variable a permitted binary may honour.
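The mitigation above has two parts, stripping known override variables and pinning the child environment. The following Python is an added example written for this page, not OpenClaw's own code; it shows both approaches side by side and a small allowlisted runner that builds the child environment from a fixed baseline rather than from whatever the caller supplied. The names `PINNED_ENV`, `PASSTHROUGH_VARS`, `strip_overrides`, `pin_environment`, `run_allowlisted` and the `SAMPLE_ENV` values are assumptions for illustration; the variable names in `OVERRIDE_VARS` and `OVERRIDE_PREFIXES` are the ones the advisory lists.

```python
from __future__ import annotations

import os
import subprocess
from typing import Mapping, Sequence

# Variables named in the advisory: each lets an allowlisted binary (git, or any
# tool that spawns an editor) run a command taken from the environment.
OVERRIDE_VARS = frozenset({"GIT_SSH_COMMAND", "GIT_EDITOR", "VISUAL", "EDITOR"})
# Prefix rule for the GIT_CONFIG_* family (GIT_CONFIG_COUNT, GIT_CONFIG_KEY_n, ...).
OVERRIDE_PREFIXES = ("GIT_CONFIG_",)

# Assumed baseline for the child process. PATH is pinned so the caller cannot
# redirect binary lookups either; everything else not listed here is dropped.
PINNED_ENV = {"PATH": "/usr/bin:/bin", "LANG": "C.UTF-8"}
PASSTHROUGH_VARS = ("HOME", "TZ", "TERM")


def is_override_var(name: str) -> bool:
    """True if NAME is an override variable from the advisory or matches a prefix rule."""
    return name in OVERRIDE_VARS or name.startswith(OVERRIDE_PREFIXES)


def strip_overrides(env: Mapping[str, str]) -> tuple[dict[str, str], list[str]]:
    """Denylist approach: drop the known override variables and report what was removed.

    Weaker than pinning, because it only catches names already on the list; it is
    still useful for logging which callers tried to pass overrides."""
    kept = {k: v for k, v in env.items() if not is_override_var(k)}
    removed = sorted(k for k in env if is_override_var(k))
    return kept, removed


def pin_environment(env: Mapping[str, str]) -> dict[str, str]:
    """Allowlist approach: start from the pinned baseline and copy only a short
    passthrough list from the caller. Nothing else reaches the child."""
    child = dict(PINNED_ENV)
    for name in PASSTHROUGH_VARS:
        if name in env:
            child[name] = env[name]
    return child


def is_allowlisted(argv: Sequence[str], binary_allowlist: set[str]) -> bool:
    """Check the binary name against the runner's allowlist (by basename)."""
    return bool(argv) and os.path.basename(argv[0]) in binary_allowlist


def run_allowlisted(argv: Sequence[str], binary_allowlist: set[str],
                    env: Mapping[str, str] | None = None) -> subprocess.CompletedProcess:
    """Run an allowlisted binary with a pinned environment, never through a shell."""
    if not is_allowlisted(argv, binary_allowlist):
        raise PermissionError(f"{argv[0]!r} is not an allowlisted binary")
    source = os.environ if env is None else env
    # env= replaces the child's environment wholesale on POSIX, so the override
    # variables from the caller are simply absent rather than merely overwritten.
    return subprocess.run(list(argv), env=pin_environment(source), shell=False,
                          capture_output=True, text=True, check=False)


# Constructed sample environment (not taken from the advisory): a caller has
# smuggled override variables in beside the normal ones.
SAMPLE_ENV = {
    "PATH": "/tmp/untrusted-bin:/usr/bin:/bin",
    "HOME": "/home/runner",
    "TERM": "xterm",
    "GIT_SSH_COMMAND": "<untrusted value>",
    "GIT_CONFIG_COUNT": "1",
    "GIT_CONFIG_KEY_0": "<untrusted value>",
    "GIT_CONFIG_VALUE_0": "<untrusted value>",
    "EDITOR": "<untrusted value>",
    "UNRELATED": "keep-me",
}

if __name__ == "__main__":
    _, removed = strip_overrides(SAMPLE_ENV)
    print("override variables the caller tried to pass:", removed)
    print("pinned child environment:", pin_environment(SAMPLE_ENV))
    # 'env' prints the environment it receives, so the output is exactly what a child sees.
    result = run_allowlisted(["env"], {"env", "git"}, SAMPLE_ENV)
    print(result.stdout)
```

Pinning is the control to rely on: a denylist only knows the variables someone has already thought of, whereas the pinned baseline makes every variable not on a short passthrough list unreachable from the child, including ones the permitted binary honours that nobody has listed yet. Keep `strip_overrides` for diagnostics, so a caller that supplies these variables shows up in logs.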
Remote code execution by way of allowlist bypass. CVSS 6.3 Medium with scope change because the constrained runner crosses a trust boundary.
GitHub Security Advisories at https://github.com/advisories/GHSA-j425-whc4-4jgc and the upstream OpenClaw security tab.