Description
OpenClaw before 2026.5.12 contains an allowlist bypass vulnerability in shell inline-command parsing that allows authenticated operators to execute unapproved commands. A command request using shell inline-command forms could route through a parser case missing the expected allowlist decision, enabling shell content execution without intended approval prompts.
Published: 2026-06-16
Score: 7.6 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

OpenClaw before version 2026.5.12 contains an allowlist bypass in its shell inline‑command parsing logic, permitting operators who are authenticated to execute arbitrary commands that would normally be blocked. The vulnerability arises when a parser case skips the intended allowlist check, leading to unapproved shell content being executed. This flaw enables an attacker with legitimate operator credentials to gain code execution privileges on the targeted system, potentially compromising confidentiality, integrity, and availability of the affected services.

Affected Systems

The vulnerability affects OpenClaw products listed under the OpenClaw:OpenClaw vendor/product identifier, specifically any installations running a version prior to 2026.5.12. The affected software is distributed via Node.js packages, as indicated by the common platform enumeration.

Risk and Exploitability

The CVSS score of 7.6 reflects a high severity for authenticated users, and the EPSS value of < 1% suggests a low probability of exploitation at present; however, the flaw remains unlisted in the CISA KEV catalog. Exploitation requires an attacker to be authenticated as an operator and to submit shell inline‑command requests that trigger the missing allowlist case. Once executed, unapproved commands run with the privileges of the operator, making the risk significant for any environment where operators have broad access.

Generated by OpenCVE AI on June 17, 2026 at 21:19 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade OpenClaw to version 2026.5.12 or later to eliminate the allowlist bypass.
  • Limit operator permissions so that only trusted users can submit shell inline‑command requests.
  • Verify that the allowlist configuration for shell commands is complete and that no parsing case is omitted; enforce strict validation of command inputs.

Generated by OpenCVE AI on June 17, 2026 at 21:19 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Github GHSA Github GHSA GHSA-f397-5vjw-v2c2 OpenClaw: Shell inline-command parsing could miss an allowlist check
History

Thu, 18 Jun 2026 16:45:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Tue, 16 Jun 2026 18:30:00 +0000

Type Values Removed Values Added
Description OpenClaw before 2026.5.12 contains an allowlist bypass vulnerability in shell inline-command parsing that allows authenticated operators to execute unapproved commands. A command request using shell inline-command forms could route through a parser case missing the expected allowlist decision, enabling shell content execution without intended approval prompts.
Title OpenClaw < 2026.5.12 - Allowlist Bypass in Shell Inline-Command Parsing
First Time appeared Openclaw
Openclaw openclaw
Weaknesses CWE-862
CPEs cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*
Vendors & Products Openclaw
Openclaw openclaw
References
Metrics cvssV3_1

{'score': 8.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N'}

cvssV4_0

{'score': 7.6, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N'}


Subscriptions

Openclaw Openclaw
cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-06-18T03:56:10.573Z

Reserved: 2026-06-10T21:23:54.282Z

Link: CVE-2026-53866

cve-icon Vulnrichment

Updated: 2026-06-16T19:33:11.209Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-06-16T19:17:05.023

Modified: 2026-06-16T20:42:46.200

Link: CVE-2026-53866

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-17T21:30:12Z

Weaknesses