Description
OpenClaw versions prior to 2026.2.22 contain an allowlist bypass vulnerability in system.run exec analysis that fails to unwrap env and shell-dispatch wrapper chains. Attackers can route execution through wrapper binaries like env bash to smuggle payloads that satisfy allowlist entries while executing non-allowlisted commands.
Published: 2026-03-19
Score: 7.1 High
EPSS: < 1% Very Low
KEV: No
Impact: Remote Code Execution
Action: Immediate Patch
AI Analysis

Impact

OpenClaw versions prior to 2026.2.22 contain an allowlist bypass vulnerability in the system.run execution routine. The flaw causes the runtime to fail to unwrap environment and shell‑dispatch wrapper chains, so an attacker can use wrapper binaries such as "env bash" to disguise non‑allowlisted commands. This allows malicious payloads to be executed while appearing to meet allowlist requirements, granting the attacker the ability to execute arbitrary commands on the host system. The weakness is identified as CWE‑78 – OS Command Injection.

Affected Systems

The affected product is OpenClaw:OpenClaw. All installations of OpenClaw with a version earlier than 2026.2.22 are vulnerable. The CVE data does not specify additional sub‑versions or platform constraints, but the Common Platform Enumeration (cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*) indicates a Node.js runtime environment for the affected product.

Risk and Exploitability

The CVSS score is 7.1, indicating a high risk of exploitation. EPSS data is not available and the vulnerability is not listed in the CISA KEV catalog, suggesting no publicly documented exploitation yet. The likely attack vector is local or indirect, requiring an attacker to influence a call to system.run. If system.run is exposed to untrusted input, the vulnerability can be abused to execute arbitrary commands without requiring additional privileges, presenting a serious threat to confidentiality, integrity, and availability of the affected system.

Generated by OpenCVE AI on March 19, 2026 at 02:52 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade OpenClaw to version 2026.2.22 or later.
  • If immediate upgrade is not feasible, restrict or disable the use of system.run for untrusted input until a patch is applied.

Generated by OpenCVE AI on March 19, 2026 at 02:52 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Github GHSA Github GHSA GHSA-jj82-76v6-933r OpenClaw's exec allowlist wrapper analysis did not unwrap env/shell dispatch chains
History

Thu, 19 Mar 2026 16:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 19 Mar 2026 01:30:00 +0000

Type Values Removed Values Added
Description OpenClaw versions prior to 2026.2.22 contain an allowlist bypass vulnerability in system.run exec analysis that fails to unwrap env and shell-dispatch wrapper chains. Attackers can route execution through wrapper binaries like env bash to smuggle payloads that satisfy allowlist entries while executing non-allowlisted commands.
Title OpenClaw < 2026.2.22 - Allowlist Bypass via Wrapper Binary Unwrapping in system.run
First Time appeared Openclaw
Openclaw openclaw
Weaknesses CWE-78
CPEs cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*
Vendors & Products Openclaw
Openclaw openclaw
References
Metrics cvssV3_1

{'score': 7.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L'}

cvssV4_0

{'score': 7.1, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N'}

Subscriptions

Openclaw Openclaw
cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-03-19T16:07:05.111Z

Reserved: 2026-02-20T13:39:35.982Z

Link: CVE-2026-27566

cve-icon Vulnrichment

Updated: 2026-03-19T16:07:00.762Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-19T02:16:01.967

Modified: 2026-03-19T19:20:08.013

Link: CVE-2026-27566

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-25T11:51:36Z

Weaknesses