PT-2026-21337

🗓️ 18 Feb 2026 00:00:00Reported by Positive TechnologiesType

OpenClaw prior to 2026.2.14 terminates processes by pattern without ownership checks; update to 2026.2.14 or later.

Reporter	Title	Published	Views	Family All 18
ATTACKERKB	CVE-2026-27486	21 Feb 202609:32	–	attackerkb
ATTACKERKB	CVE-2026-35667	10 Apr 202616:03	–	attackerkb
Circl	CVE-2026-27486	10 Apr 202617:03	–	circl
CNNVD	OpenClaw 安全漏洞	21 Feb 202600:00	–	cnnvd
CNVD	OpenClaw has an unspecified vulnerability (CNVD-2026-13389)	2 Mar 202600:00	–	cnvd
CVE	CVE-2026-27486	21 Feb 202609:32	–	cve
Cvelist	CVE-2026-27486 OpenClaw: Process Safety - Unvalidated PID Kill via SIGKILL in Process Cleanup	21 Feb 202609:32	–	cvelist
EUVD	EUVD-2026-21480	10 Apr 202616:03	–	euvd
Github Security Blog	OpenClaw has incomplete Fix for CVE-2026-27486: Unvalidated SIGKILL in `!stop` Chat Command via `shell-utils.ts`	30 Mar 202618:30	–	github
Github Security Blog	OpenClaw: Process Safety - Unvalidated PID Kill via SIGKILL in Process Cleanup	18 Feb 202617:41	–	github

Source	Link
twitter	www.twitter.com/CVEnew/status/2042710243872752040
github	www.github.com/openclaw/openclaw/commit/6084d13b956119e3cf95daaf9a1cae1670ea3557
github	www.github.com/openclaw/openclaw/releases/tag/v2026.2.14
osv	www.osv.dev/vulnerability/GHSA-jfv4-h8mc-jcp8
github	www.github.com/CVEProject/cvelistV5/tree/main/cves/2026/27xxx/CVE-2026-27486.json
twitter	www.twitter.com/dailycve/status/2038965208505319562
twitter	www.twitter.com/CVEnew/status/2025154162443399171
github	www.github.com/openclaw/openclaw/security/advisories/GHSA-jfv4-h8mc-jcp8
twitter	www.twitter.com/VulmonFeeds/status/2025165256989818882
twitter	www.twitter.com/CoyoteSecure/status/2028211943627256241

10 Apr 2026 00:00Current

6Medium risk

Vulners AI Score6

CVSS 3.15.3

CVSS 44.3

EPSS0.00019

SSVC