EUVD-2026-14559
GHSA-8px9-wr67-9w6f
CVSS Vector
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:L
Lifecycle Timeline
4Description
OpenClaw before 2026.2.22 contains an allowlist bypass vulnerability in system.run exec analysis that fails to unwrap env and shell-dispatch wrapper chains. Attackers can route execution through wrapper binaries like env bash to smuggle payloads and bypass intended allowlist restrictions.
Analysis
OpenClaw before version 2026.2.22 contains an allowlist bypass vulnerability in its system.run exec analysis functionality that fails to properly unwrap environment variable and shell-dispatch wrapper chains. Attackers with local access and limited privileges can exploit this to route command execution through wrapper binaries such as env or bash, allowing them to smuggle payloads past the intended allowlist restrictions. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 30 days: Identify affected systems running system.run exec analysis that fails to unwrap env and shell- and apply vendor patches as part of regular patch cycle. Vendor patch is available.
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today