How to fix CVE-2026-27487?

Within 24 hours: Inventory all macOS systems running OpenClaw and identify affected versions. Within 7 days: Apply the available patch to all vulnerable OpenClaw instances and validate successful updates. Within 30 days: Conduct credential audit to ensure no unauthorized access occurred during the vulnerability window and implement additional monitoring for suspicious keychain access patterns.

Is macOS affected by CVE-2026-27487?

OpenClaw users on macOS running version 2026.2.13 or below face a command injection vulnerability that could allow attackers to compromise stored credentials and gain unauthorized access to sensitive systems.

CVE-2026-27487

HIGH

2026-02-21 [email protected]

GHSA-4564-pvr2-qq4h

7.6

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

Low

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 22:04 vuln.today

Patch Released

Feb 23, 2026 - 20:41 nvd

Patch available

CVE Published

Feb 21, 2026 - 10:16 nvd

HIGH 7.6

Description

OpenClaw is a personal AI assistant. In versions 2026.2.13 and below, when using macOS, the Claude CLI keychain credential refresh path constructed a shell command to write the updated JSON blob into Keychain via security add-generic-password -w .... Because OAuth tokens are user-controlled data, this created an OS command injection risk. This issue has been fixed in version 2026.2.14.

Analysis

OpenClaw AI assistant on macOS versions 2026.2.13 and earlier is vulnerable to command injection through the credential refresh mechanism, which improperly handles user-controlled OAuth tokens when constructing shell commands for Keychain operations. An authenticated attacker with local access could exploit this to execute arbitrary OS commands with the privileges of the application user. …

Remediation

Within 24 hours: Inventory all macOS systems running OpenClaw and identify affected versions. Within 7 days: Apply the available patch to all vulnerable OpenClaw instances and validate successful updates. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.1

CVSS: +38

POC: 0

CVE-2026-27487 vulnerability details – vuln.today

Back

CVE-2026-27487

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Remediation

Analysis

Full analysis requires sign-in

Priority Score

Share

CVE-2026-27487

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Remediation

Full analysis requires sign-in

Priority Score

Share

External POC / Exploit Code