Description
OpenClaw versions prior to 2026.2.23 contain an allowlist bypass vulnerability in system.run guardrails that allows authenticated operators to execute unintended commands. When /usr/bin/env is allowlisted, attackers can use env -S to bypass policy analysis and execute shell wrapper payloads at runtime.
Published: 2026-03-19
Score: 7.1 High
EPSS: < 1% Very Low
KEV: No
Impact: Command Execution via Allowlist Bypass
Action: Patch
AI Analysis

Impact

OpenClaw versions earlier than 2026.2.23 contain a flaw that permits authenticated operators to bypass the system.run guardrails by using the command /usr/bin/env with the -S option. The vulnerability, identified as CWE-184, allows unintended commands to be executed with the privileges of the operator, enabling the launch of arbitrary shell wrapper payloads at runtime and potentially compromising the host system.

Affected Systems

The affected infrastructure is comprised of all deployments of OpenClaw:OpenClaw where the system.run allowlist includes /usr/bin/env and the software version is less than 2026.2.23. Only the OpenClaw product is listed as affected.

Risk and Exploitability

The issue has a CVSS score of 7.1, indicating high severity. EPSS data is not available, and the vulnerability is not listed in the CISA KEV catalog. Exploitation requires authenticated operator access and the ability to supply a system.run command. The bypass uses a benign system utility (/usr/bin/env) with the -S flag, enabling an attacker to execute malicious shell scripts once the guardrails are circumvented.

Generated by OpenCVE AI on March 19, 2026 at 02:51 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade OpenClaw to version 2026.2.23 or later to eliminate the allowlist bypass.
  • Remove /usr/bin/env from the system.run allowlist or restrict its usage to trusted contexts if the command is required.
  • Implement monitoring of system.run invocations and review audit logs for unusual activity.

Generated by OpenCVE AI on March 19, 2026 at 02:51 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Github GHSA Github GHSA GHSA-48wf-g7cp-gr3m OpenClaw has allowlist exec-guard bypass via env -S
History

Thu, 19 Mar 2026 16:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 19 Mar 2026 01:30:00 +0000

Type Values Removed Values Added
Description OpenClaw versions prior to 2026.2.23 contain an allowlist bypass vulnerability in system.run guardrails that allows authenticated operators to execute unintended commands. When /usr/bin/env is allowlisted, attackers can use env -S to bypass policy analysis and execute shell wrapper payloads at runtime.
Title OpenClaw < 2026.2.23 - Allowlist Exec-Guard Bypass via env -S
First Time appeared Openclaw
Openclaw openclaw
Weaknesses CWE-184
CPEs cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*
Vendors & Products Openclaw
Openclaw openclaw
References
Metrics cvssV3_1

{'score': 7.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L'}

cvssV4_0

{'score': 7.1, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N'}

Subscriptions

Openclaw Openclaw
cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-03-19T15:38:19.154Z

Reserved: 2026-03-10T19:48:11.110Z

Link: CVE-2026-31992

cve-icon Vulnrichment

Updated: 2026-03-19T15:38:08.620Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-19T02:16:04.070

Modified: 2026-03-19T19:00:06.310

Link: CVE-2026-31992

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-25T14:10:36Z

Weaknesses