CVE-2026-28455

...

CVE-2026-28455

OpenClaw vulnerable before 2026.2.22 due to an allowlist bypass in system.run exec analysis. The flaw allows attackers to route execution through wrapper binaries (e.g., env, bash) and bypass intended allowlist restrictions by failing to unwrap env and shell-dispatch wrapper chains. Affected prod...

PT-2026-27224

OpenClaw before 2026.2.22 contains an allowlist bypass vulnerability in system.run exec analysis that fails to unwrap env and shell-dispatch wrapper chains. Attackers can route execution through wrapper binaries like env bash to smuggle payloads and bypass intended allowlist restrictions...

Incorrect Authorization

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Incorrect Authorization in the system.run process when handling dispatch wrappers with exactly four transparent wrappers such as repeated env invocations before /bin/sh -c. An attacker ca...

GHSA-JJ82-76V6-933R OpenClaw's exec allowlist wrapper analysis did not unwrap env/shell dispatch chains

Summary system.run exec allowlist analysis treated wrapper binaries as the effective executable and did not fully unwrap env/shell-dispatch wrappers. This allowed wrapper-smuggled payloads for example env bash -lc ... to satisfy an allowlist entry for the wrapper while executing non-allowlisted...

OpenClaw's exec allowlist wrapper analysis did not unwrap env/shell dispatch chains

Summary system.run exec allowlist analysis treated wrapper binaries as the effective executable and did not fully unwrap env/shell-dispatch wrappers. This allowed wrapper-smuggled payloads for example env bash -lc ... to satisfy an allowlist entry for the wrapper while executing non-allowlisted...