CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
Description
OpenClaw versions prior to 2026.2.23 contain an exec approval bypass vulnerability in allowlist mode where allow-always grants could be circumvented through unrecognized multiplexer shell wrappers like busybox and toybox sh -c commands. Attackers can exploit this by invoking arbitrary payloads under the same multiplexer wrapper to satisfy stored allowlist rules, bypassing intended execution restrictions.
Analysis
OpenClaw contains an execution approval bypass vulnerability in allowlist mode that allows authenticated attackers to circumvent allow-always grants through unrecognized multiplexer shell wrappers such as busybox and toybox. Low-privileged attackers can invoke arbitrary payloads under these multiplexer wrappers to satisfy stored allowlist rules while executing unintended commands. …
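The wrapper-unwrapping check the analysis above calls for, as an added TypeScript illustration that is not OpenClaw's code: the allow-always rule shape, the recognized multiplexer and shell names, and the function names are assumptions. The hardened matcher resolves the program actually run before consulting stored grants and never auto-allows what it cannot resolve, shown beside the outermost-program match that produces the gap the advisory describes.

```typescript
// Constructed illustration; not OpenClaw's code. Rule shape and names are assumptions.
const MULTIPLEXERS = ["busybox", "toybox"];
const SHELLS = ["sh", "ash", "dash", "bash", "zsh"];
interface AllowRule { program: string } // an allow-always grant, keyed by program name
const base = (p: string): string => p.slice(p.lastIndexOf("/") + 1);

// Split a `sh -c` script into argv if it is one simple command; control operators,
// expansions and escapes make the real program undeterminable, so return null.
function splitSimpleCommand(script: string): string[] | null {
  if (/[;&|`$<>()\\\n]/.test(script)) return null;
  const words: string[] = [];
  let cur = "", quote: string | null = null, inWord = false;
  for (const ch of script) {
    if (quote !== null) { if (ch === quote) quote = null; else cur += ch; }
    else if (ch === "'" || ch === '"') { quote = ch; inWord = true; }
    else if (/\s/.test(ch)) { if (inWord) { words.push(cur); cur = ""; inWord = false; } }
    else { cur += ch; inWord = true; }
  }
  if (quote !== null) return null; // unterminated quote
  if (inWord) words.push(cur);
  return words;
}

// Peel `busybox <applet> ...` and `sh -c <script>` layers down to the innermost argv.
function effectiveArgv(argv: string[], depth = 0): string[] | null {
  if (argv.length === 0 || depth > 8) return null;
  const prog = base(argv[0]);
  if (MULTIPLEXERS.indexOf(prog) !== -1) return effectiveArgv(argv.slice(1), depth + 1);
  if (SHELLS.indexOf(prog) !== -1) {
    const c = argv.indexOf("-c");
    if (c === -1 || c + 1 >= argv.length) return null; // no `-c <script>`: fail closed
    const inner = splitSimpleCommand(argv[c + 1]);
    return inner === null ? null : effectiveArgv(inner, depth + 1);
  }
  return argv;
}

// Outermost-program match only: a grant stored for `busybox` covers `busybox sh -c <anything>`.
function weakAllowed(argv: string[], rules: AllowRule[]): boolean {
  return argv.length > 0 && rules.some((r) => r.program === base(argv[0]));
}

// Hardened: match on the effective program; what cannot be resolved is never auto-allowed.
function hardenedAllowed(argv: string[], rules: AllowRule[]): boolean {
  const eff = effectiveArgv(argv);
  return eff !== null && rules.some((r) => r.program === base(eff[0]));
}
// Constructed sample: a grant recorded for the wrapper program, then a payload run under it.
const grants: AllowRule[] = [{ program: "busybox" }, { program: "ls" }];
console.log(weakAllowed(["busybox", "sh", "-c", "id"], grants), hardenedAllowed(["busybox", "sh", "-c", "id"], grants)); // true false
```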
Remediation
Within 24 hours: Inventory all systems running OpenClaw and identify instances in allowlist mode; disable allowlist mode if operationally feasible pending patching.
Within 7 days: Apply vendor patch to upgrade OpenClaw to version 2026.2.23 or later across all affected systems. …
EUVD-2026-12718
GHSA-gwqp-86q6-w47g