N/A

CVSS Score

-

CVSS Score

Basic Information

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

GHSA-vffc-f7r7-rx2w

GHSA-vffc-f7r7-rx2w: OpenClaw Improperly Neutralizes Line Breaks in systemd Unit Generation Enables Local Command Execution (Linux)

Summary

A command injection vulnerability exists in OpenClaw’s Linux systemd unit generation path. When rendering Environment= entries, attacker-controlled values are not rejected for CR/LF, and systemdEscapeArg() uses an incorrect whitespace-matching regex. This allows newline injection to break out of an Environment= line and inject standalone systemd directives (for example, ExecStartPre=). On service restart, the injected command is executed, resulting in local arbitrary command execution (local RCE) under the gateway service user.

Details

The issue is in src/daemon/systemd-unit.ts:

renderEnvLines(...) builds:
Environment=${systemdEscapeArg(${key}=${value})}
No CR/LF validation is enforced for environment keys/values before writing unit lines.
systemdEscapeArg(...) uses:
/[\\s"\\\\]/
In this regex, \\s is interpreted as a literal backslash + s, not a whitespace character class. As a result, whitespace detection/quoting behavior is incorrect. Because systemd parses unit files line-by-line, a newline inside an environment value can inject an additional directive line. Example rendered output:

Environment=INJECT=ok
ExecStartPre=/bin/touch /tmp/oc15789_rce

At restart time, systemd executes ExecStartPre, enabling command execution.

Relevant code path/components involved in exploitation chain:

src/daemon/systemd-unit.ts
src/commands/daemon-install-helpers.ts
src/config/env-vars.ts
src/config/zod-schema.ts

Trigger conditions:

Attacker can influence config.env.vars (directly or indirectly).
Install/reinstall path is invoked to write/update the unit.
Service restart occurs (systemctl --user restart ...).

PoC

Environment: Linux host with systemd user services enabled.

Configure a malicious environment value in OpenClaw config (config.env.vars), including a newline and injected directive:

Key: INJECT
Value:

ok
ExecStartPre=/bin/touch /tmp/oc15789_rce

Install/reinstall the gateway service (fixed port as requested):

openclaw gateway install --port 15789 --force

Inspect the generated user unit file (default path):

~/.config/systemd/user/openclaw-gateway.service

Verify that an injected standalone line exists:

ExecStartPre=/bin/touch /tmp/oc15789_rce

Reload and restart user service:

systemctl --user daemon-reload

systemctl --user restart openclaw-gateway.service

Confirm command execution side effect:

ls -l /tmp/oc15789_rce

Impact

This is a local command execution vulnerability in OpenClaw’s systemd unit generation during install/reinstall flows.

Type: Command injection via newline/directive injection in unit file generation.
Execution context: Runs with the same privileges as the OpenClaw gateway service user.
Affected users: Linux deployments using systemd user services where an attacker can control config.env.vars and trigger install/reinstall.

Fix Commit(s)

61f646c41fb43cd87ed48f9125b4718a30d38e84

(GitHub Advisory)

Miggo Vulnerability Database

→

GHSA-vffc-f7r7-rx2w

GHSA-vffc-f7r7-rx2w:

N/A

CVSS Score

-

CVSS Score

Basic Information

Is this CVE running in your environment?

Easily map the attack path and prioritize which CVEs are a threat to your organization

Validate Exposure

Technical Details

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
openclaw	npm	<= 2026.2.19-2	2026.2.21

Technical Details

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability is a command injection flaw in OpenClaw's systemd unit file generation process. The root cause is the failure to sanitize or reject newline characters in values that are used to construct the unit file, specifically environment variables and the service description. An attacker who can control these values can inject newlines followed by arbitrary systemd directives (e.g., ExecStartPre=). When the service is restarted, systemd parses the malicious unit file and executes the injected commands.

The analysis of the patch commit 61f646c41fb43cd87ed48f9125b4718a30d38e84 confirms this. The core changes are in src/daemon/systemd-unit.ts:

A new function, assertNoSystemdLineBreaks, is introduced to explicitly check for and reject carriage return (CR) and line feed (LF) characters.
The renderEnvLines function, which is responsible for creating Environment= lines, is modified to use assertNoSystemdLineBreaks on both the keys and values of environment variables before processing them. This directly mitigates the primary attack vector.
The buildSystemdUnit function, which assembles the complete unit file, is also updated to validate the description field using the same newline check.
The systemdEscapeArg function, which was also implicated in the vulnerability description due to an incorrect regex, now also includes the newline validation check.

Based on these changes, the functions renderEnvLines, systemdEscapeArg, and buildSystemdUnit are identified as the key components involved in the vulnerability. During exploitation, these functions would be called to process the malicious input and generate the compromised systemd service file.

Vulnerable functions

renderEnvLines

src/daemon/systemd-unit.ts

This function was vulnerable because it processed environment variable keys and values without sanitizing or rejecting newline characters. An attacker could provide a value with a newline to inject additional directives into the generated systemd unit file. The patch adds the `assertNoSystemdLineBreaks` check to prevent this.

systemdEscapeArg

src/daemon/systemd-unit.ts

According to the vulnerability description, this function used an incorrect regex for whitespace matching (`/[\\s"\\]/`), which contributed to the vulnerability. The function was responsible for escaping arguments, but it failed to handle newlines properly, allowing for injection. The patch adds a call to `assertNoSystemdLineBreaks` to validate the input.

buildSystemdUnit

src/daemon/systemd-unit.ts

This function orchestrates the creation of the systemd unit file. It was vulnerable because it used the `description` field without validating it for newline characters, creating another vector for injection. It also calls the vulnerable `renderEnvLines` function. The patch adds a check using `assertNoSystemdLineBreaks` for the description.

Vulnerability Intelligence
Miggo AI

Unlock WAF rules for this CVE

Generate vendor-ready rules for the observed attack patterns, plus reasoning and safe deployment guidance

Get WAF rules

WAF Protection Rules

WAF Rule

W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.

Reasoning

*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.

N/A

-

Basic Information

Basic Information

Concerned about an active attack path?

GHSA-vffc-f7r7-rx2w: OpenClaw Improperly Neutralizes Line Breaks in systemd Unit Generation Enables Local Command Execution (Linux)

Summary

Details

PoC

Impact

Fix Commit(s)

GHSA-vffc-f7r7-rx2w:

N/A

-

Basic Information

Basic Information

Is this CVE running in your environment?

Technical Details

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

Vulnerability IntelligenceMiggo AI

Unlock WAF rules for this CVE

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

N/A

N/A

Basic Information

Basic Information

Technical Details

GHSA-vffc-f7r7-rx2w: OpenClaw Improperly Neutralizes Line Breaks in systemd Unit Generation Enables Local Command Execution (Linux)

Summary

Details

PoC

Impact

Fix Commit(s)

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI