OpenClaw versions prior to 2026.2.23 contain an exec approval bypass vulnerability in allowlist mode. The flaw allows allow‑always grants to be circumvented by exploiting unrecognized multiplexer shell wrappers such as busybox and toybox sh -c. By invoking arbitrary payloads under the same multiplexer wrapper, attackers can satisfy stored allowlist rules and execute commands that are otherwise prohibited. This represents a direct arbitrary command execution risk that could lead to full system compromise. The weakness is classified as CWE‑184 (Uncontrolled Format String).

The vulnerability affects the OpenClaw product line from vendor OpenClaw. It applies to all OpenClaw releases earlier than version 2026.2.23, including any deployments that rely on allowlist mode for command execution control. Multiplexer shell wrappers such as busybox or toybox may exist in the environment and trigger the exploit.

The CVSS score of 7.1 indicates a moderate‑high severity, and the lack of EPSS data means the exploitation likelihood cannot be quantified from the CVE entry. The vulnerability is not listed in the CISA KEV catalog. Based on the description, the likely attack vector involves an attacker gaining the ability to run shell commands under an unrecognized multiplexer; therefore the vulnerability could be exploited through a local or remote code execution pathway depending on the system’s configuration. Once the attacker can invoke a shell wrapper, the allowlist bypass grants them full command‑execution privileges.