A vulnerability classified as critical has been found in OpenClaw up to 2026.3.1 . The affected element is an unknown function of the component system.run node-host Execution . The manipulation leads to argument injection. This vulnerability is referenced as CVE-2026-29608 . The attack can only be performed from a local environment. No exploit is available. It is recommended to upgrade the affected component.