Description
OpenClaw versions prior to 2026.2.22 in macOS node-host system.run contain an allowlist bypass vulnerability that allows remote attackers to execute non-allowlisted commands by exploiting improper parsing of command substitution tokens. Attackers can craft shell payloads with command substitution syntax within double-quoted text to bypass security restrictions and execute arbitrary commands on the system.
Published: 2026-03-18
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: Remote Code Execution
Action: Immediate Patch
AI Analysis

Impact

OpenClaw versions prior to 2026.2.22 on macOS node-host contain an allowlist bypass that enables remote attackers to execute commands not on the allowlist by using command substitution inside double‑quoted strings. The vulnerability stems from improper parsing of command substitution tokens, leading to arbitrary command execution. The weakness corresponds to CWE‑78, which describes code injection through operating system command execution.

Affected Systems

The affected vendor is OpenClaw; the product is OpenClaw. All releases earlier than version 2026.2.22 are vulnerable. The CPE identifier is cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*. Users should upgrade to version 2026.2.22 or later to resolve the flaw.

Risk and Exploitability

The vulnerability has a CVSS score of 7.5, indicating high severity, but the EPSS score is not available and it is not listed in KEV, suggesting limited public exploitation data. The likely attack vector is remote, where an attacker crafts a shell payload containing command substitution syntax within double‑quoted text to bypass the allowlist. Once executed, the attacker can run arbitrary system commands, compromising confidentiality, integrity, and availability of the host.

Generated by OpenCVE AI on March 18, 2026 at 03:22 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade OpenClaw to version 2026.2.22 or newer
  • If an immediate upgrade is not possible, restrict the use of system.run to only allowlisted commands and disable command substitution parsing
  • Limit remote access to the node‑host and monitor logs for suspicious command executions

Generated by OpenCVE AI on March 18, 2026 at 03:22 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Github GHSA Github GHSA GHSA-9p38-94jf-hgjj OpenClaw has macOS `system.run` allowlist bypass via quoted command substitution
History

Wed, 25 Mar 2026 15:00:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 6.6, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H'}

 cvssV3_1

{'score': 7.2, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H'}

Wed, 18 Mar 2026 16:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Wed, 18 Mar 2026 02:15:00 +0000

Type Values Removed Values Added
Description OpenClaw versions prior to 2026.2.22 in macOS node-host system.run contain an allowlist bypass vulnerability that allows remote attackers to execute non-allowlisted commands by exploiting improper parsing of command substitution tokens. Attackers can craft shell payloads with command substitution syntax within double-quoted text to bypass security restrictions and execute arbitrary commands on the system.
Title OpenClaw < 2026.2.22 - Allowlist Bypass via Command Substitution in system.run
First Time appeared Openclaw
Openclaw openclaw
Weaknesses CWE-78
CPEs cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*
Vendors & Products Openclaw
Openclaw openclaw
References
Metrics cvssV3_1

{'score': 6.6, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H'}

cvssV4_0

{'score': 7.5, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Openclaw Openclaw
cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-03-25T14:32:59.376Z

Reserved: 2026-01-06T16:47:17.181Z

Link: CVE-2026-22179

cve-icon Vulnrichment

Updated: 2026-03-18T16:00:51.684Z

cve-icon NVD

Status : Modified

Published: 2026-03-18T02:16:22.377

Modified: 2026-03-25T15:16:36.730

Link: CVE-2026-22179

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-24T10:53:39Z

Weaknesses