Description
OpenClaw before 2026.5.6 contains an allowlist bypass vulnerability in the macOS Swift exec feature that misses combined POSIX inline-command flags. Attackers can execute shell content outside the intended allowlist check by using combined flag forms, potentially allowing unauthorized command execution depending on operator configuration.
Published: 2026-06-16
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

OpenClaw versions earlier than 2026.5.6 contain an allowlist bypass flaw in the macOS Swift execution feature that fails to validate combined POSIX inline-command flags. By supplying a combination of flag forms, an attacker can inject shell content that is not covered by the intended allowlist, thereby executing arbitrary commands. The weakness is a classic input validation failure (CWE‑184). The potential impact is the unauthorized execution of commands, affecting the confidentiality, integrity, or availability of the affected system depending on the command executed and operator configuration.

Affected Systems

All deployments of OpenClaw OpenClaw running a version earlier than 2026.5.6 on macOS are impacted. No additional version range is specified beyond the pre‑2026.5.6 cutoff.

Risk and Exploitability

The CVSS score of 5.3 places the vulnerability in the medium severity range. The EPSS score of less than 1% indicates a low probability of exploitation at the time of analysis, and the issue is not listed in CISA’s KEV catalog. The likely attack vector is inferred to be local or privileged, as the vulnerability requires access to the Swift execution pathway; however, if that pathway is exposed externally, remote exploitation could be possible. Exploitation requires the attacker to use combined flag forms to bypass the allowlist, and it is contingent on operator configuration that permits command execution. Configuration that disables or tightly controls the Swift exec feature mitigates the risk; otherwise, an attacker could run arbitrary shell commands with the privileges of the OpenClaw process.

Generated by OpenCVE AI on June 17, 2026 at 21:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade OpenClaw to version 2026.5.6 or later. This release removes the allowlist bypass flaw.
  • If an immediate upgrade is not possible, reconfigure OpenClaw to disable the Swift exec feature or enforce a strict allowlist that rejects combined flag forms. This limits the attack surface for command injection.
  • Implement external controls such as macOS sandboxing or run OpenClaw under least‑privilege accounts to reduce the impact should an attacker bypass the existing checks.

Generated by OpenCVE AI on June 17, 2026 at 21:21 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Github GHSA Github GHSA GHSA-c226-q6fx-6j6c OpenClaw: macOS Swift exec allowlist missed combined POSIX inline flags
History

Thu, 18 Jun 2026 04:45:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Tue, 16 Jun 2026 18:30:00 +0000

Type Values Removed Values Added
Description OpenClaw before 2026.5.6 contains an allowlist bypass vulnerability in the macOS Swift exec feature that misses combined POSIX inline-command flags. Attackers can execute shell content outside the intended allowlist check by using combined flag forms, potentially allowing unauthorized command execution depending on operator configuration.
Title OpenClaw < 2026.5.6 - Allowlist Bypass via Combined POSIX Inline Flags on macOS
First Time appeared Openclaw
Openclaw openclaw
Weaknesses CWE-184
CPEs cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*
Vendors & Products Openclaw
Openclaw openclaw
References
Metrics cvssV3_1

{'score': 6.6, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N'}

cvssV4_0

{'score': 5.3, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N'}


Subscriptions

Openclaw Openclaw
cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-06-18T03:56:04.944Z

Reserved: 2026-06-10T21:22:34.480Z

Link: CVE-2026-53861

cve-icon Vulnrichment

Updated: 2026-06-17T13:54:32.195Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-06-16T19:17:04.027

Modified: 2026-06-16T20:42:46.200

Link: CVE-2026-53861

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-17T21:30:12Z

Weaknesses
  • CWE-184

    Incomplete List of Disallowed Inputs