What is CVE-2026-27545?

CVE-2026-27545 is a medium-severity vulnerability in Openclaw, classified under Time-of-check Time-of-use (TOCTOU) Race Condition. CVSS score: 6.1/10. Published 2026-03-18.

How severe is CVE-2026-27545?

Medium severity. CVSS v3 base score is 6.1 out of 10.

Vulnerability in Openclaw

CVE-2026-27545

OpenClaw versions prior to 2026.2.26 contain an approval bypass vulnerability in system.run execution that allows attackers to execute commands from unintended filesystem locations by rebinding writable parent symlinks in the current worki…

Vulnerability class: TOCTOU (Time-of-Check to Time-of-Use)

EPSS: 0.000 (8.6th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.1 (Medium). Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L.

Affected products

Openclaw — versions 0

Weakness classification (CWE)

CWE-367 — Time-of-check Time-of-use (TOCTOU) Race Condition

References

GitHub Security Advisory (GHSA-f7ww-2725-qvw2) (third-party-advisory)
Patch Commit #1 (patch)
Patch Commit #2 (patch)
Patch Commit #3 (patch)
Patch Commit #4 (patch)
Patch Commit #5 (patch)
VulnCheck Advisory: OpenClaw < 2026.2.26 - Approval Bypass via Parent Symlink Current Working Directory Rebind (third-party-advisory)

Frequently asked questions

What is CVE-2026-27545?: CVE-2026-27545 is a medium-severity vulnerability in Openclaw, classified under Time-of-check Time-of-use (TOCTOU) Race Condition. CVSS score: 6.1/10. Published 2026-03-18.
How severe is CVE-2026-27545?: Medium severity. CVSS v3 base score is 6.1 out of 10.