Description
OpenClaw before 2026.5.12 contains an allowlist bypass vulnerability in PowerShell encoded-command handling that allows attackers to execute encoded commands using abbreviated flag aliases not recognized by the allowlist parser. Remote authenticated operators can bypass execution allowlist checks by using unrecognized encoded-command alias forms to execute arbitrary PowerShell content.
Published: 2026-06-12
Score: 8.7 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

OpenClaw versions prior to 2026.5.12 allow authenticated attackers to bypass the application's PowerShell execution restrictions by passing encoded-command arguments under abbreviated flag aliases that the allowlist parser does not recognize. The result is that an attacker can run arbitrary PowerShell code through the application, compromising the confidentiality, integrity, and availability of the affected system. The weakness is a flaw in the command-line parsing logic, classified as CWE-184 (Incomplete List of Disallowed Inputs), which permits bypass of a security control designed to limit runtime commands.

Affected Systems

The vulnerability affects OpenClaw installations using the openclaw product before the 2026.5.12 release. Any deployment of the openclaw application built on Node.js and running a version older than 2026.5.12 is susceptible. The relevant vendor product is OpenClaw:OpenClaw, and affected environments include all systems that run the default PowerShell support in OpenClaw.

Risk and Exploitability

The CVSS score of 8.7 indicates high severity. The lack of an EPSS score or KEV listing suggests no publicly known exploits yet, but the attack can be performed by any authenticated user. Remote authenticated operators can craft malicious encoded commands using unrecognized alias forms and thereby execute arbitrary PowerShell content. The absence of a publicly available exploit does not reduce the potential risk, as the attack path is straightforward for anyone holding credentials to the OpenClaw deployment.

Generated by OpenCVE AI on June 13, 2026 at 00:06 UTC.
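The parser weakness described above, shown as an added illustration that is not OpenClaw's code: a weak gate that matches only the full `-EncodedCommand` spelling beside a hardened gate that folds PowerShell's prefix aliases to canonical flag names, decodes the base64(UTF-16LE) payload, applies the allowlist to the decoded text, and fails closed on any flag it cannot classify. The allowlist, the flag list and the sample commands are constructed for the example; `Buffer` is Node's built-in global.

```javascript
// Added example, not OpenClaw's code: a PowerShell command-line gate that folds
// abbreviated parameter aliases to canonical names before applying an allowlist.
// PowerShell accepts any case-insensitive prefix of a parameter name (-e, -ec,
// -enc all reach -EncodedCommand); a gate knowing only the full spelling is CWE-184.
const ALLOWED = new Set(["Get-Date", "Get-Process"]); // constructed allowlist
const CANONICAL = ["EncodedCommand", "Command"];       // flags the gate classifies

// Resolve "-Flag"/"/Flag" to a canonical name. strictSpelling=true models a
// parser that only knows the full name; false folds any prefix to it.
function canonicalFlag(arg, strictSpelling) {
  const m = /^[-\/](\w+)$/.exec(arg);
  if (!m) return null;
  const given = m[1].toLowerCase();
  return CANONICAL.find((n) => (strictSpelling
    ? n.toLowerCase() === given : n.toLowerCase().startsWith(given))) || null;
}

// -EncodedCommand carries the script as base64 of UTF-16LE text.
function decodeEncoded(b64) {
  return Buffer.from(b64, "base64").toString("utf16le");
}

// Command text argv would run, or null when no command flag is recognised.
function extractCommand(argv, strictSpelling) {
  for (let i = 0; i < argv.length - 1; i++) {
    const flag = canonicalFlag(argv[i], strictSpelling);
    if (flag === "EncodedCommand") return decodeEncoded(argv[i + 1]);
    if (flag === "Command") return argv[i + 1];
  }
  return null;
}

// Weak gate: an unrecognised alias is skipped, the call looks command-free and
// the allowlist is never consulted.
function naiveGate(argv) {
  const cmd = extractCommand(argv, true);
  return cmd === null ? true : ALLOWED.has(cmd.trim());
}

// Hardened gate: prefixes fold to canonical flags, and any flag that still
// cannot be classified fails closed instead of being skipped.
function hardenedGate(argv) {
  if (argv.some((a) => /^[-\/]/.test(a) && !canonicalFlag(a, false))) return false;
  const cmd = extractCommand(argv, false);
  return cmd !== null && ALLOWED.has(cmd.trim());
}

// Constructed samples: an allowed script and a denied one, base64(UTF-16LE).
const encodedAllowed = Buffer.from("Get-Date", "utf16le").toString("base64");
const encodedDenied = Buffer.from("Remove-Item C:\\data", "utf16le").toString("base64");
```

Run `naiveGate(["-enc", encodedDenied])` and `hardenedGate(["-enc", encodedDenied])` to see the weak gate return true and the hardened gate return false for the same argument vector.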

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade OpenClaw to version 2026.5.12 or later to apply the fixed allowlist parser.
  • Restrict PowerShell encoded-command usage to authenticated users only and enforce the use of recognized flag aliases in the allowlist.
  • Disable or block execution of PowerShell encoded commands that contain unrecognized aliases in the OpenClaw configuration.


Tracking


Advisories

No advisories yet.

History

Mon, 15 Jun 2026 18:30:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Fri, 12 Jun 2026 22:15:00 +0000

Type | Values Removed | Values Added
Description | | OpenClaw before 2026.5.12 contains an allowlist bypass vulnerability in PowerShell encoded-command handling that allows attackers to execute encoded commands using abbreviated flag aliases not recognized by the allowlist parser. Remote authenticated operators can bypass execution allowlist checks by using unrecognized encoded-command alias forms to execute arbitrary PowerShell content.
Title | | OpenClaw < 2026.5.12 - Allowlist Bypass via PowerShell Encoded-Command Aliases
First Time appeared | | Openclaw; Openclaw openclaw
Weaknesses | | CWE-184
CPEs | | cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*
Vendors & Products | | Openclaw; Openclaw openclaw
References | |
Metrics | | cvssV3_1 {'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}; cvssV4_0 {'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-06-15T17:22:39.050Z

Reserved: 2026-06-10T21:19:32.651Z

Link: CVE-2026-53836

Vulnrichment

Updated: 2026-06-15T17:22:35.821Z

NVD

Status : Analyzed

Published: 2026-06-12T22:16:55.413

Modified: 2026-06-16T00:22:56.360

Link: CVE-2026-53836

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-13T01:15:17Z

Weaknesses
  • CWE-184: Incomplete List of Disallowed Inputs