Description
OpenClaw before 2026.5.18 contains a command injection vulnerability where shell wrapper argv could change between approval and execution. Attackers can rebuild command arguments after allowlist approval to execute unapproved command shapes, potentially bypassing security controls.
Published: 2026-06-12
Score: 8.7 High (CVSS v4.0 base score; the CVSS v3.1 base score is 8.8)
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

OpenClaw versions before 2026.5.18 evaluate the allowlist against one set of shell wrapper arguments and then execute another: the argv can be rebuilt or mutated after approval has been granted, so the command that actually runs need not be the command shape the allowlist approved. This is a time-of-check/time-of-use race (CWE-367) in which the allowlist check is the check and the spawn is the use. An attacker who can influence the arguments between those two points can run commands the allowlist would have rejected, compromising confidentiality, integrity and availability (all rated High in the CVSS vector). Only code paths that go through the shell wrapper are affected, but if the wrapper sits on a critical operational path the impact extends to the whole application.

Affected Systems

The affected product is OpenClaw (vendor OpenClaw; the CPE lists node.js as the target platform), in any deployment running a version earlier than 2026.5.18.

Risk and Exploitability

The CVSS v4.0 base score of 8.7 (v3.1: 8.8) classifies this flaw as high severity. No EPSS score is available and the CVE is not listed in the CISA KEV catalog, but the vector (network-reachable, low attack complexity, low privileges, no user interaction, high impact on confidentiality, integrity and availability) describes a low-privileged caller running command shapes the allowlist never approved, and a fixed release exists only from 2026.5.18 onward. Attackers would target any interface that forwards caller-controlled input to the shell wrapper, exploiting the gap between approval and execution to run unapproved commands.

Generated by OpenCVE AI on June 12, 2026 at 23:27 UTC.

Remediation

No vendor advisory or workaround is linked on this page; the CVE description identifies 2026.5.18 as the first release without the flaw.

OpenCVE Recommended Actions

  • Upgrade OpenClaw to version 2026.5.18 or later, the first release in which the shell wrapper no longer lets argv change between allowlist approval and execution
  • If an upgrade is not immediately possible, disable the shell wrapper for operations that do not need it, and have the remaining execution paths spawn processes with an explicit argv array rather than a shell-interpreted string
  • Make the allowlist decision on the exact argv that will be spawned, and ensure nothing can rebuild or mutate that argv after approval (for example, snapshot the approved argv and execute only the snapshot), so the check and the use see the same command

Advisories

No advisories yet.

History

Fri, 12 Jun 2026 22:15:00 +0000

Type: Values Removed / Values Added (this entry only adds values; nothing was removed)
Description: OpenClaw before 2026.5.18 contains a command injection vulnerability where shell wrapper argv could change between approval and execution. Attackers can rebuild command arguments after allowlist approval to execute unapproved command shapes, potentially bypassing security controls.
Title: OpenClaw < 2026.5.18 - Command Argument Modification via Shell Wrapper Between Approval and Execution
First Time appeared: Openclaw (vendor); Openclaw openclaw (product)
Weaknesses: CWE-367
CPEs: cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*
Vendors & Products: Openclaw (vendor); Openclaw openclaw (product)
References: (none listed)
Metrics:
  cvssV3_1: {'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}
  cvssV4_0: {'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-06-12T21:56:50.258Z

Reserved: 2026-06-10T21:16:07.495Z

Link: CVE-2026-53822

Vulnrichment

No data.

NVD

Status : Received

Published: 2026-06-12T22:16:53.317

Modified: 2026-06-12T22:16:53.317

Link: CVE-2026-53822

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-13T01:30:17Z

Weaknesses
  • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition