Description
OpenClaw before 2026.5.18 contains a policy enforcement vulnerability in system.run safe-bin allowlist validation that allows shell expansion to modify command interpretation on POSIX nodes. Authenticated operators can exploit shell metacharacters in approved commands to read unintended node-local files and expose sensitive configuration data.
Published: 2026-06-12
Score: 7.6 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

OpenClaw versions prior to 2026.5.18 contain a policy enforcement flaw in the system.run safe‑bin allowlist validation. The flaw allows shell metacharacters in authorized commands to be interpreted by the shell, so a command that passes the allowlist check can end up referencing unintended node‑local files. An authenticated operator can therefore read configuration or other sensitive data that should not be reachable through the approved command set. The result is a confidentiality breach: files on the local filesystem are exposed, but no further privileges are granted.

Affected Systems

The legacy OpenClaw application on Node.js platforms is vulnerable. Any installation of OpenClaw older than 2026.5.18 running on a POSIX system is affected; versions 2026.5.18 and newer are not susceptible.

Risk and Exploitability

The CVSS score of 7.6 rates this issue as High. An EPSS score of < 1% indicates a very low likelihood of exploitation, but the issue's absence from the KEV catalog and the requirement for an authenticated operator suggest a moderate likelihood of exploitation in environments where operators hold file‑read capabilities they should not have. Exploitation requires local access and valid user credentials; an attacker would craft a command containing shell metacharacters to leak file contents via the approved system.run interface.

Generated by OpenCVE AI on June 17, 2026 at 23:28 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update OpenClaw to version 2026.5.18 or later to receive the corrected safe‑bin allowlist validation.
  • If upgrading is not immediately possible, restrict the set of operators that can use system.run or limit the commands permitted in the safe‑bin allowlist to avoid shell metacharacters and enforce literal strings.
  • Apply additional OS‑level controls such as file‑system permissions or SELinux/AppArmor profiles to prevent unprivileged users from reading configuration files leaked by the flaw.


Advisories

No advisories yet.

History

Tue, 16 Jun 2026 01:00:00 +0000

Type Values Removed Values Added
Weaknesses NVD-CWE-noinfo

Mon, 15 Jun 2026 13:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Fri, 12 Jun 2026 22:15:00 +0000

Type Values Removed Values Added
Description OpenClaw before 2026.5.18 contains a policy enforcement vulnerability in system.run safe-bin allowlist validation that allows shell expansion to modify command interpretation on POSIX nodes. Authenticated operators can exploit shell metacharacters in approved commands to read unintended node-local files and expose sensitive configuration data.
Title OpenClaw < 2026.5.18 - Arbitrary File Read via Shell Expansion in system.run Safe-bin Allowlist
First Time appeared Openclaw
Openclaw openclaw
Weaknesses CWE-367
CPEs cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*
Vendors & Products Openclaw
Openclaw openclaw
References
Metrics cvssV3_1

{'score': 8.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L'}

cvssV4_0

{'score': 7.6, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-06-15T12:54:00.497Z

Reserved: 2026-06-10T21:16:58.211Z

Link: CVE-2026-53831

Vulnrichment

Updated: 2026-06-15T12:53:56.282Z

NVD

Status: Analyzed

Published: 2026-06-12T22:16:54.643

Modified: 2026-06-16T00:45:31.653

Link: CVE-2026-53831

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-17T23:30:04Z

Weaknesses