Description
OpenClaw before 2026.5.18 contains a policy enforcement vulnerability in system.run safe-bin allowlist validation that allows shell expansion to modify command interpretation on POSIX nodes. Authenticated operators can exploit shell metacharacters in approved commands to read unintended node-local files and expose sensitive configuration data.
Published: 2026-06-12
Score: 7.6 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

OpenClaw versions prior to 2026.5.18 contain a policy enforcement flaw in the system.run safe‑bin allowlist validation. The allowlist is checked against the command as written, but on POSIX nodes the approved command is then interpreted by a shell, so metacharacters in it (command substitution, globs, pipes, redirections) are expanded after the check has passed and can make the command reference node‑local files the allowlist was never meant to expose. An authenticated operator can therefore read configuration or other sensitive data that should not be reachable through the approved command set. The description documents this as a confidentiality impact (file read without further privilege escalation); note, however, that both published CVSS vectors also rate integrity impact as High (I:H / VI:H), so the assigner considers the same expansion capable of more than reads.

Affected Systems

OpenClaw (CPE target software node.js) is affected in every version older than 2026.5.18 when running on POSIX nodes, which is where the shell expansion described above takes place; versions 2026.5.18 and newer are not susceptible.

Risk and Exploitability

The CVSS 4.0 score of 7.6 (CVSS 3.1: 8.3) marks this issue as High. No EPSS score is available and the CVE is not in the KEV catalog, so likelihood of exploitation is best judged by who holds operator accounts: the risk is real wherever operators are not fully trusted with every file the node can read. Both vectors rate the attack vector as Network with low privileges required and no user interaction; the CVSS 4.0 vector adds AT:P, the precondition here being a valid operator account that may call system.run. Such an operator would craft an approved command containing shell metacharacters so that the shell expands it into a read of files outside the intended set and returns their contents through the system.run interface.

Generated by OpenCVE AI on June 12, 2026 at 23:38 UTC.

Remediation

The description names 2026.5.18 as the first fixed version; no vendor advisory, patch reference or workaround is linked on this page.

OpenCVE Recommended Actions

  • Update OpenClaw to version 2026.5.18 or later to receive the corrected safe‑bin allowlist validation.
  • If upgrading is not immediately possible, restrict the set of operators that can use system.run, or limit the allowlist to commands that are matched as literal strings and reject any command or argument that contains shell metacharacters.
  • Apply OS‑level controls such as file‑system permissions or SELinux/AppArmor profiles to the account that executes system.run commands, so that even an expanded command cannot read configuration files beyond those the approved command set legitimately needs.
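The gap described in the Impact analysis (an allowlist that checks the command text but then hands it to a shell) and the literal-string mitigation in the recommended actions, side by side in an added example. This is illustrative code, not OpenClaw's own system.run implementation: the allowlist contents, the safe-bin directory /usr/bin, the function names and the sample command lines are all assumptions made for the demonstration.

```javascript
// Added example, not OpenClaw code: an allowlist check that approves the command
// text and then runs it through a POSIX shell, beside a literal-string validator.

// Hypothetical safe-bin allowlist and directory; the real OpenClaw values are not on the page.
const SAFE_BIN_DIR = "/usr/bin";
const SAFE_BINS = new Set(["echo", "ls", "uptime"]);

// Anything a POSIX shell expands or treats as syntax before exec: substitution,
// pipes, redirection, globbing, quoting, tilde, brace expansion, comments, history.
const SHELL_META = /[|&;<>()$`\\"'*?\[\]{}~#!]/;

// Vulnerable pattern: only argv[0] is compared with the allowlist, and the approved
// string is then executed by "sh -c", so "$(...)", "*", "|" and friends are expanded
// after the check has already passed (check on one string, use of another).
function vulnerableValidate(commandLine) {
  const argv0 = commandLine.trim().split(/\s+/)[0] || "";
  const baseName = argv0.slice(argv0.lastIndexOf("/") + 1);
  const allowed = SAFE_BINS.has(baseName);
  return { allowed, command: allowed ? ["sh", "-c", commandLine] : null };
}

// Hardened pattern: the command is split into literal tokens, any token carrying a
// shell metacharacter is rejected, the binary must be a bare allowlisted name, and
// the result is an argv meant for child_process.spawn(argv[0], argv.slice(1),
// { shell: false }), so no shell ever sees the operator's string.
function hardenedValidate(commandLine) {
  if (/[\r\n\0]/.test(commandLine)) {
    return { allowed: false, reason: "control characters in command" };
  }
  const argv = commandLine.trim().split(/[ \t]+/).filter((t) => t.length > 0);
  if (argv.length === 0) return { allowed: false, reason: "empty command" };
  for (const tok of argv) {
    if (SHELL_META.test(tok)) {
      return { allowed: false, reason: `shell metacharacter in ${JSON.stringify(tok)}` };
    }
  }
  const bin = argv[0];
  if (bin.includes("/") || !SAFE_BINS.has(bin)) {
    return { allowed: false, reason: `${bin} is not a bare safe-bin name` };
  }
  return { allowed: true, argv: [`${SAFE_BIN_DIR}/${bin}`, ...argv.slice(1)] };
}

// Constructed operator inputs: one benign, the rest abusing expansion or paths.
const SAMPLES = [
  "echo hello world",
  "echo $(cat /etc/passwd)",     // command substitution reads an unintended file
  "uptime | cat /etc/hostname",  // pipeline into a binary that is not allowlisted
  "ls ~/.config/*",              // tilde and glob expansion enumerate node-local files
  "echo `cat /etc/shadow`",      // backtick substitution
  "../../bin/echo x",            // path escape with an allowlisted basename
];

// Runs both validators over the samples; returns the verdicts for inspection.
function compare() {
  return SAMPLES.map((line) => ({
    line,
    vulnerableAllows: vulnerableValidate(line).allowed,
    hardenedAllows: hardenedValidate(line).allowed,
  }));
}

for (const verdict of compare()) {
  console.log(
    `${verdict.vulnerableAllows ? "PASS" : "deny"} / ${verdict.hardenedAllows ? "PASS" : "deny"}  ${verdict.line}`
  );
}
```

Only the benign sample passes both validators; every other sample is approved by the argv[0] check and rejected by the literal-string one. The design point is that the hardened validator never produces a string for a shell at all: its output is an argv array, so the question of what the shell would expand does not arise.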


Advisories

No advisories yet.

History

Fri, 12 Jun 2026 22:15:00 +0000

Type | Values Removed | Values Added
Description | | OpenClaw before 2026.5.18 contains a policy enforcement vulnerability in system.run safe-bin allowlist validation that allows shell expansion to modify command interpretation on POSIX nodes. Authenticated operators can exploit shell metacharacters in approved commands to read unintended node-local files and expose sensitive configuration data.
Title | | OpenClaw < 2026.5.18 - Arbitrary File Read via Shell Expansion in system.run Safe-bin Allowlist
First Time appeared | | Openclaw; Openclaw openclaw
Weaknesses | | CWE-367
CPEs | | cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*
Vendors & Products | | Openclaw; Openclaw openclaw
References | |
Metrics | | cvssV3_1 {'score': 8.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L'}; cvssV4_0 {'score': 7.6, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-06-12T21:56:56.465Z

Reserved: 2026-06-10T21:16:58.211Z

Link: CVE-2026-53831

Vulnrichment

No data.

NVD

Status : Received

Published: 2026-06-12T22:16:54.643

Modified: 2026-06-12T22:16:54.643

Link: CVE-2026-53831

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-12T23:45:26Z

Weaknesses
  • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition