Impact
OpenClaw before version 2026.5.12 contains an allowlist bypass in its shell inline‑command parsing logic, permitting operators who are authenticated to execute arbitrary commands that would normally be blocked. The vulnerability arises when a parser case skips the intended allowlist check, leading to unapproved shell content being executed. This flaw enables an attacker with legitimate operator credentials to gain code execution privileges on the targeted system, potentially compromising confidentiality, integrity, and availability of the affected services.
Affected Systems
The vulnerability affects OpenClaw products listed under the OpenClaw:OpenClaw vendor/product identifier, specifically any installations running a version prior to 2026.5.12. The affected software is distributed via Node.js packages, as indicated by the common platform enumeration.
Risk and Exploitability
The CVSS score of 7.6 reflects a high severity for authenticated users, and the EPSS value of < 1% suggests a low probability of exploitation at present; however, the flaw remains unlisted in the CISA KEV catalog. Exploitation requires an attacker to be authenticated as an operator and to submit shell inline‑command requests that trigger the missing allowlist case. Once executed, unapproved commands run with the privileges of the operator, making the risk significant for any environment where operators have broad access.
OpenCVE Enrichment
Github GHSA