OpenClaw versions before 2026.3.11 contain an approval integrity vulnerability that allows attackers to execute rewritten local code. The vulnerability occurs when exact file binding cannot occur, enabling attackers to modify scripts between approval and execution. Remote attackers can change approved local scripts before execution to achieve unintended code execution as the OpenClaw runtime user. This represents a significant security flaw in the approval process that can lead to unauthorized code execution.