Description
OpenClaw versions prior to 2026.2.22 contain an allowlist parsing mismatch vulnerability in the macOS companion app that allows authenticated operators to bypass exec approval checks. Attackers with operator.write privileges and a paired macOS beta node can craft shell-chain payloads that pass incomplete allowlist validation and execute arbitrary commands on the paired host.
Published: 2026-03-19
Score: 5.6 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Remote Command Execution via Allowlist Bypass
Action: Patch
AI Analysis

Impact

Key detail from CVE description: OpenClaw versions prior to 2026.2.22 contain an allowlist parsing mismatch in the macOS companion app that allows authenticated operators to bypass exec approval checks. This flaw enables the creation of shell-chain payloads that are incorrectly validated as allowed, leading to the execution of arbitrary commands on the paired macOS host. The vulnerability is identified as CWE-184 and poses a potential compromise of confidentiality, integrity, and availability through privileged command execution.

Affected Systems

The affected systems are all OpenClaw releases before 2026.2.22. The macOS companion application in those versions permits the mis-parsing of the allowlist. No other vendors or product lines are listed as affected.

Risk and Exploitability

Key detail from score data: CVSS Score 5.6 indicates a moderate risk level. Since EPSS data is not available and the exploit requires operator.write privileges and a paired macOS beta node, the likelihood of exploitation is limited to environments where such roles and nodes exist. The vulnerability is not listed in CISA's KEV catalog, which suggests no confirmed in-the-wild exploitation as of the available data.

Generated by OpenCVE AI on March 19, 2026 at 02:50 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update OpenClaw to version 2026.2.22 or newer to resolve the allowlist parsing mismatch.
  • Restrict operator.write privileges to trusted users only to reduce exposure to shell-chain manipulation.



Advisories

Source | ID | Title
Github GHSA | GHSA-5f9p-f3w2-fwch | OpenClaw macOS companion app (beta): allowlist parsing mismatch for system.run shell chains
History

Mon, 23 Mar 2026 17:15:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 19 Mar 2026 01:30:00 +0000

Type | Values Removed | Values Added
Description | | OpenClaw versions prior to 2026.2.22 contain an allowlist parsing mismatch vulnerability in the macOS companion app that allows authenticated operators to bypass exec approval checks. Attackers with operator.write privileges and a paired macOS beta node can craft shell-chain payloads that pass incomplete allowlist validation and execute arbitrary commands on the paired host.
Title | | OpenClaw < 2026.2.22 - Allowlist Parsing Mismatch in system.run Shell Chains
First Time appeared | | Openclaw; Openclaw openclaw
Weaknesses | | CWE-184
CPEs | | cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*
Vendors & Products | | Openclaw; Openclaw openclaw
References | |
Metrics | | cvssV3_1: {'score': 4.8, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:H/A:L'}
Metrics | | cvssV4_0: {'score': 5.6, 'vector': 'CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:A/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-03-23T16:56:25.397Z

Reserved: 2026-03-10T19:48:11.111Z

Link: CVE-2026-31993

Vulnrichment

Updated: 2026-03-23T16:45:24.086Z

NVD

Status: Analyzed

Published: 2026-03-19T02:16:04.277

Modified: 2026-03-19T18:50:06.617

Link: CVE-2026-31993

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-25T14:10:35Z

Weaknesses