2 matches found
CVE-2026-31993
OpenClaw versions prior to 2026.2.22 contain an allowlist parsing mismatch vulnerability in the macOS companion app that allows authenticated operators to bypass exec approval checks. Attackers with operator.write privileges and a paired macOS beta node can craft shell-chain payloads that pass...
Improper Authorization
Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Improper Authorization in the system.run due to a parsing mismatch in allowlist checks for shell-chain payloads. An attacker can execute unauthorized shell commands on a paired macOS host...