Impact
OpenClaw versions earlier than 2026.5.6 contain an allowlist bypass flaw in the macOS Swift execution feature that fails to validate combined POSIX inline-command flags. By supplying a combination of flag forms, an attacker can inject shell content that is not covered by the intended allowlist, thereby executing arbitrary commands. The weakness is a classic input validation failure (CWE‑184). The potential impact is the unauthorized execution of commands, affecting the confidentiality, integrity, or availability of the affected system depending on the command executed and operator configuration.
Affected Systems
All deployments of OpenClaw OpenClaw running a version earlier than 2026.5.6 on macOS are impacted. No additional version range is specified beyond the pre‑2026.5.6 cutoff.
Risk and Exploitability
The CVSS score of 5.3 places the vulnerability in the medium severity range. The EPSS score of less than 1% indicates a low probability of exploitation at the time of analysis, and the issue is not listed in CISA’s KEV catalog. The likely attack vector is inferred to be local or privileged, as the vulnerability requires access to the Swift execution pathway; however, if that pathway is exposed externally, remote exploitation could be possible. Exploitation requires the attacker to use combined flag forms to bypass the allowlist, and it is contingent on operator configuration that permits command execution. Configuration that disables or tightly controls the Swift exec feature mitigates the risk; otherwise, an attacker could run arbitrary shell commands with the privileges of the OpenClaw process.
OpenCVE Enrichment
Github GHSA