Description
OpenClaw before 2026.5.12 contains an argument pattern validation bypass in the exec allowlist that allows attackers to execute disallowed arguments for allowlisted executables on Linux and macOS systems. Attackers can bypass configured argPattern restrictions by directly invoking allowlisted executables with unrestricted arguments, potentially enabling unauthorized file access, network access, or command execution.
Published: 2026-06-16
Score: 7.6 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

OpenClaw before version 2026.5.12 includes a flaw that bypasses the argument pattern validation in its exec allowlist, permitting attackers to supply disallowed arguments to allowlisted executables on Linux and macOS. This bypass can lead to unauthorized command execution, potentially granting the attacker access to sensitive files, network resources, or the ability to run arbitrary code. The weakness is categorized as a control failure related to argument validation (CWE‑693) and missing access control (CWE‑863).

Affected Systems

This vulnerability affects deployments of the OpenClaw application, specifically any installation of the OpenClaw software prior to release 2026.5.12. The affected vendor is OpenClaw, the product is OpenClaw. All systems running a vulnerable version on Linux or macOS are impacted.

Risk and Exploitability

The CVSS score for this issue is 7.6, indicating high severity, while the EPSS score of less than 1% suggests that exploitation is rare at the time of analysis. The vulnerability is not currently listed in CISA’s KEV catalog, meaning no documented public exploits exist. Attackers would need the ability to invoke allowlisted executables and supply bespoke arguments, so the likely attack vector is local or in contexts where command arguments are user‑controlled. Due to the high severity and the potential for remote command execution if an attacker can influence the arguments, organizations should consider this a critical risk for exposed or privileged environments.

Generated by OpenCVE AI on June 17, 2026 at 21:23 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update OpenClaw to version 2026.5.12 or newer, where the argument pattern bypass has been fixed.
  • If an update is not immediately possible, reconfigure or disable the exec allowlist, and enforce stricter argument patterns to limit which arguments can be passed to allowlisted binaries.
  • Monitor the system for attempts to execute allowlisted executables with unexpected or disallowed arguments, and investigate any anomalous activity promptly.

Generated by OpenCVE AI on June 17, 2026 at 21:23 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Github GHSA Github GHSA GHSA-v2ww-5rh7-2h5v OpenClaw: Linux and macOS exec allowlists skipped configured argument patterns
History

Tue, 16 Jun 2026 19:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Tue, 16 Jun 2026 18:30:00 +0000

Type Values Removed Values Added
Description OpenClaw before 2026.5.12 contains an argument pattern validation bypass in the exec allowlist that allows attackers to execute disallowed arguments for allowlisted executables on Linux and macOS systems. Attackers can bypass configured argPattern restrictions by directly invoking allowlisted executables with unrestricted arguments, potentially enabling unauthorized file access, network access, or command execution.
Title OpenClaw < 2026.5.12 - Argument Pattern Bypass in Exec Allowlist via Linux and macOS
First Time appeared Openclaw
Openclaw openclaw
Weaknesses CWE-693
CWE-863
CPEs cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*
Vendors & Products Openclaw
Openclaw openclaw
References
Metrics cvssV3_1

{'score': 8.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L'}

cvssV4_0

{'score': 7.6, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N'}


Subscriptions

Openclaw Openclaw
cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-06-18T03:55:54.201Z

Reserved: 2026-06-10T21:21:12.125Z

Link: CVE-2026-53853

cve-icon Vulnrichment

Updated: 2026-06-16T18:44:33.691Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-06-16T19:17:02.650

Modified: 2026-06-16T20:42:46.200

Link: CVE-2026-53853

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-17T21:30:12Z

Weaknesses
  • CWE-693

    Protection Mechanism Failure

  • CWE-863

    Incorrect Authorization