DEV Community

CVE Reports

Posted on • Originally published at cvereports.com

GHSA-JFV4-H8MC-JCP8: OpenClaw: The Cleanup Crew That Killed Everyone Else's Processes


Vulnerability ID: GHSA-JFV4-H8MC-JCP8
CVSS Score: 4.3
Published: 2026-02-18

A process-handling vulnerability in the OpenClaw Personal AI Assistant let the CLI runner terminate processes it had not started. Stale-agent cleanup selected its targets by loose regex matching of command-line arguments, without confirming process lineage (parent PID) or ownership, so on a shared host OpenClaw could kill unrelated processes belonging to other users: an unintentional local Denial of Service (DoS).

TL;DR

OpenClaw < 2026.2.14 used a 'search and destroy' method to clean up stale agents, matching processes by command-line pattern rather than by PID. On shared servers this meant it could kill unrelated processes belonging to other users whenever their command lines happened to match the pattern. A kill only succeeds where the runner is allowed to signal the target (same uid, root, or CAP_KILL), so same-user processes are exposed in every configuration and other users' processes wherever OpenClaw runs with elevated privileges. The fix implements strict Parent PID (PPID) verification.


⚠️ Exploit Status: POC

Technical Details

  • CWE ID: CWE-283
  • Attack Vector: Local (AV:L)
  • CVSS v4.0: 4.3 (Medium)
  • Privileges Required: Low (PR:L)
  • Impact: Denial of Service (DoS)
  • Exploit Maturity: Proof-of-Concept

Affected Systems

  • OpenClaw Personal AI Assistant (npm package)
  • Node.js environments hosting OpenClaw
  • Shared hosting / Multi-tenant Linux servers
  • openclaw: < 2026.2.14 (Fixed in: 2026.2.14)

Code Analysis

Commit: 6084d13

fix: harden process cleanup logic with PPID check

- execSync('ps aux | grep ...')
+ execSync('ps -axww -o pid,ppid,args')
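Review bot: the `+` line selects the pid,ppid,args columns, but the hunk does not show where ppid is compared against the runner's own pid, so the fix cannot be judged from this excerpt; the comparison should be on parsed integers (`ppid === process.pid`) rather than a substring test of the ps text, and the parser has to skip the header row that `-o` prints and tolerate leading whitespace in the PID column. Whatever args matching remains from the elided `grep ...` pattern on the `-` line should be applied only to rows that already passed the ppid check, not used as the primary selector. Since the shell pipe is gone, `execFileSync('ps', ['-axww', '-o', 'pid,ppid,args'])` would avoid invoking a shell at all.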

Commit: eb60e2e

test: add unit tests for process lineage verification

+ expect(mockKill).not.toHaveBeenCalled()
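Review bot: `expect(mockKill).not.toHaveBeenCalled()` covers only the negative case (a foreign process with matching args is left alone), so a regression that never kills anything at all would pass this test too. Add the positive assertion that a process whose ppid equals the runner's pid and whose args match is still terminated (`expect(mockKill).toHaveBeenCalledWith(childPid, expect.anything())`), plus a case where ppid matches but args do not, so the lineage check and the args filter are each exercised independently.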

Exploit Details

  • Internal: Internal unit tests demonstrating the false-positive matching behavior

Mitigation Strategies

  • Upgrade to version 2026.2.14 immediately.
  • Avoid running development tools with process management capabilities on shared production servers.
  • Run OpenClaw in a container (Docker/Podman). A container gets its own PID namespace, so `ps` inside it lists only the container's processes and a mis-targeted kill cannot reach other tenants' processes on the host. This protection is lost if the container is started with the host PID namespace (`--pid=host`).

Remediation Steps:

  1. Run npm audit to identify the vulnerable package.
  2. Update the dependency: npm install openclaw@2026.2.14 or yarn upgrade openclaw.
  3. Verify the installed version: npm list openclaw should report 2026.2.14 or later.

References


Read the full report for GHSA-JFV4-H8MC-JCP8 on our website for more details including interactive diagrams and full exploit analysis.
