GHSA-JFV4-H8MC-JCP8

Vulnerability from github – Published: 2026-02-18 17:41 – Updated: 2026-02-23 22:28
Summary
OpenClaw: Process Safety - Unvalidated PID Kill via SIGKILL in Process Cleanup
Details

Summary

OpenClaw CLI process cleanup used system-wide process enumeration and pattern matching to terminate processes without verifying they were owned by the current OpenClaw process. On shared hosts, unrelated processes could be terminated if they matched the pattern.

Affected Packages / Versions

  • Package: openclaw (npm)
  • Affected: < 2026.2.14 (including the latest published version 2026.2.13)
  • Fixed: 2026.2.14 (planned next release)

Details

The CLI runner cleanup helpers could kill processes matched by command-line patterns without validating process ownership.

Fix

Process cleanup is now scoped to owned processes only by filtering to direct child PIDs of the current process (ppid == process.pid) before sending signals.

Hardening follow-ups:

  • Prefer graceful termination for resume cleanup (SIGTERM, then SIGKILL fallback).
  • Reduce false negatives from ps argv truncation by preferring wide output (ps -axww) with a fallback.
  • Tighten command-line token matching to avoid substring matches.

Fix Commit(s)

  • 6084d13b956119e3cf95daaf9a1cae1670ea3557
  • eb60e2e1b213740c3c587a7ba4dbf10da620ca66

Release Process Note

This advisory is pre-set with patched version 2026.2.14. After 2026.2.14 is published to npm, the remaining step should be to publish this advisory.

Thanks @aether-ai-agent for reporting.


{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "openclaw"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2026.2.14"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-27486"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-283"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-02-18T17:41:09Z",
    "nvd_published_at": "2026-02-21T10:16:12Z",
    "severity": "MODERATE"
  },
  "details": "## Summary\n\nOpenClaw CLI process cleanup used system-wide process enumeration and pattern matching to terminate processes without verifying they were owned by the current OpenClaw process. On shared hosts, unrelated processes could be terminated if they matched the pattern.\n\n## Affected Packages / Versions\n\n- Package: `openclaw` (npm)\n- Affected: `\u003c 2026.2.14` (including the latest published version `2026.2.13`)\n- Fixed: `2026.2.14` (planned next release)\n\n## Details\n\nThe CLI runner cleanup helpers could kill processes matched by command-line patterns without validating process ownership.\n\n## Fix\n\nProcess cleanup is now scoped to owned processes only by filtering to direct child PIDs of the current process (`ppid == process.pid`) before sending signals.\n\nHardening follow-ups:\n- Prefer graceful termination for resume cleanup (`SIGTERM`, then `SIGKILL` fallback).\n- Reduce false negatives from `ps` argv truncation by preferring wide output (`ps -axww`) with a fallback.\n- Tighten command-line token matching to avoid substring matches.\n\n## Fix Commit(s)\n\n- 6084d13b956119e3cf95daaf9a1cae1670ea3557\n- eb60e2e1b213740c3c587a7ba4dbf10da620ca66\n\n## Release Process Note\n\nThis advisory is pre-set with patched version `2026.2.14`. After `2026.2.14` is published to npm, the remaining step should be to publish this advisory.\n\nThanks @aether-ai-agent for reporting.",
  "id": "GHSA-jfv4-h8mc-jcp8",
  "modified": "2026-02-23T22:28:47Z",
  "published": "2026-02-18T17:41:09Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-jfv4-h8mc-jcp8"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27486"
    },
    {
      "type": "WEB",
      "url": "https://github.com/openclaw/openclaw/commit/6084d13b956119e3cf95daaf9a1cae1670ea3557"
    },
    {
      "type": "WEB",
      "url": "https://github.com/openclaw/openclaw/commit/eb60e2e1b213740c3c587a7ba4dbf10da620ca66"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/openclaw/openclaw"
    },
    {
      "type": "WEB",
      "url": "https://github.com/openclaw/openclaw/releases/tag/v2026.2.14"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:H",
      "type": "CVSS_V4"
    }
  ],
  "summary": "OpenClaw: Process Safety - Unvalidated PID Kill via SIGKILL in Process Cleanup"
}

