OpenClaw CLI process cleanup used system-wide process enumeration and pattern matching to terminate processes without verifying they were owned by the current OpenClaw process. On shared hosts, unrelated processes could be terminated if they matched the pattern.
openclaw (npm)< 2026.2.14 (including the latest published version 2026.2.13)2026.2.14 (planned next release)The CLI runner cleanup helpers could kill processes matched by command-line patterns without validating process ownership.
Process cleanup is now scoped to owned processes only by filtering to direct child PIDs of the current process (ppid == process.pid) before sending signals.
Hardening follow-ups:
- Prefer graceful termination for resume cleanup (SIGTERM, then SIGKILL fallback).
- Reduce false negatives from ps argv truncation by preferring wide output (ps -axww) with a fallback.
- Tighten command-line token matching to avoid substring matches.
This advisory is pre-set with patched version 2026.2.14. After 2026.2.14 is published to npm, the remaining step should be to publish this advisory.
Thanks @aether-ai-agent for reporting.
| Score | Percentile |
|---|---|
| 0.04% | 11.32% |
| Base score | Version | Severity | Vector |
|---|---|---|---|
| 4.3 | 4.0 | — |
|
| Type | Value |
|---|---|
| GHSA | GHSA-jfv4-h8mc-jcp8 ↗ |
| CVE | CVE-2026-27486 ↗ |
| CWE id | Name |
|---|---|
| CWE-283 | Unverified Ownership |
Vulnerable version ranges and first patched releases as published by GitHub.
| Ecosystem | Package | Vulnerable range | First patched | Vulnerable functions |
|---|---|---|---|---|
| npm | openclaw | < 2026.2.14 | 2026.2.14 | — |