Description
OpenClaw before 2026.5.18 contains a command injection vulnerability where shell wrapper argv could change between approval and execution. Attackers can rebuild command arguments after allowlist approval to execute unapproved command shapes, potentially bypassing security controls.
Published: 2026-06-12
Score: 8.7 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

OpenClaw versions before 2026.5.18 allow an attacker to modify shell wrapper command arguments after they have been approved by an allowlist, enabling the execution of arbitrary command shapes that were not originally authorized. The flaw, identified as CWE-367 and CWE-77, can lead to the injection of malicious commands, compromising the confidentiality, integrity, or availability of the system. It is inferred that the vulnerability is limited to components that rely on the shell wrapper, but the impact can extend across the entire application if the wrapper is part of critical operational paths.

Affected Systems

The affected product is OpenClaw by OpenClaw, specifically any deployment running a version earlier than 2026.5.18.

Risk and Exploitability

The CVSS score of 8.7 indicates a high severity. The EPSS score is less than 1%, indicating a very low likelihood of exploitation. The vulnerability is not listed in the CISA KEV catalog. The likely attack vector is interfaces that forward user input to the shell wrapper, exploiting the discrepancy between approval and execution. This inference is based on the description’s emphasis on modification between approval and execution.

Generated by OpenCVE AI on June 18, 2026 at 01:48 UTC.

Remediation

No vendor fix or workaround is currently provided.

OpenCVE Recommended Actions

  • Upgrade OpenClaw to version 2026.5.18 or later, where the shell wrapper argument validation has been fixed
  • If an upgrade is not immediately possible, remove or disable the shell wrapper for operations that do not require it, ensuring all command execution paths use a safe, non-shell-based method
  • Apply strict input validation and enforce allowlist checks before any command is passed to the wrapper, guarding against manipulation between approval and execution

Generated by OpenCVE AI on June 18, 2026 at 01:48 UTC.

Advisories

No advisories yet.

History

Tue, 16 Jun 2026 06:30:00 +0000

Type          Values Removed   Values Added
Weaknesses    (none)           CWE-77

Mon, 15 Jun 2026 19:30:00 +0000

Type          Values Removed   Values Added
Metrics       (none)           ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Fri, 12 Jun 2026 22:15:00 +0000

Type                  Values Removed   Values Added
Description           (none)           OpenClaw before 2026.5.18 contains a command injection vulnerability where shell wrapper argv could change between approval and execution. Attackers can rebuild command arguments after allowlist approval to execute unapproved command shapes, potentially bypassing security controls.
Title                 (none)           OpenClaw < 2026.5.18 - Command Argument Modification via Shell Wrapper Between Approval and Execution
First Time appeared   (none)           Openclaw; Openclaw openclaw
Weaknesses            (none)           CWE-367
CPEs                  (none)           cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*
Vendors & Products    (none)           Openclaw; Openclaw openclaw
References            (none)           (none)
Metrics               (none)           cvssV3_1: {'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}
                                       cvssV4_0: {'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-06-15T18:26:06.830Z

Reserved: 2026-06-10T21:16:07.495Z

Link: CVE-2026-53822

Vulnrichment

Updated: 2026-06-15T18:25:59.732Z

NVD

Status: Analyzed

Published: 2026-06-12T22:16:53.317

Modified: 2026-06-16T02:52:56.123

Link: CVE-2026-53822

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-18T02:00:05Z

Weaknesses
  • CWE-367

    Time-of-check Time-of-use (TOCTOU) Race Condition

  • CWE-77

    Improper Neutralization of Special Elements used in a Command ('Command Injection')