CVE-2026-27566
published 2026-03-19CVE-2026-27566: OpenClaw versions prior to 2026.2.22 contain an allowlist bypass vulnerability in system.run exec analysis that fails to unwrap env and shell-dispatch wrapper…
PriorityP260high8.8CVSS 3.1
AVNACLPRLUINSUCHIHAH
EPSS
0.42%
33.5th percentile
OpenClaw versions prior to 2026.2.22 contain an allowlist bypass vulnerability in system.run exec analysis that fails to unwrap env and shell-dispatch wrapper chains. Attackers can route execution through wrapper binaries like env bash to smuggle payloads that satisfy allowlist entries while executing non-allowlisted commands.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| openclaw | openclaw | < 2026.2.22 | 2026.2.22 |
| openclaw | openclaw | >= 0 < 2026.2.22 | 2026.2.22 |
Detection & IOCsextracted from sources · hover to see the quote
- →Detect execution chains where a wrapper binary such as 'env' or 'bash' is used to smuggle non-allowlisted commands through OpenClaw's system.run exec allowlist analysis ↗
- →Flag OpenClaw (package: openclaw) versions prior to 2026.2.22 as vulnerable; look for the allowlist bypass pattern in system.run exec analysis that fails to unwrap env and shell-dispatch wrapper chains ↗
- ·The vulnerability specifically affects the system.run exec analysis component — allowlist configurations in OpenClaw are bypassable if they do not account for env and shell-dispatch wrapper chains; the fix is available in version 2026.2.22 and later ↗
CVSS provenance
nvdv3.18.8HIGHCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvdv4.07.1HIGHCVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
OpenClaw's exec allowlist wrapper analysis did not unwrap env/shell dispatch chains
ghsa·2026-03-03
CVE-2026-27566 [HIGH] CWE-78 OpenClaw's exec allowlist wrapper analysis did not unwrap env/shell dispatch chains
OpenClaw's exec allowlist wrapper analysis did not unwrap env/shell dispatch chains
### Summary
`system.run` exec allowlist analysis treated wrapper binaries as the effective executable and did not fully unwrap `env`/shell-dispatch wrappers.
This allowed wrapper-smuggled payloads (for example `env bash -lc ...`) to satisfy an allowlist entry for the wrapper while executing non-allowlisted commands.
### Impact
On affected versions, an actor who can trigger `system.run` requests under an allowlist policy could bypass intended allowlist restrictions by routing execution through wrapper binaries.
### Affected Packages / Versions
- Package: `openclaw` (npm)
- Affected: `= 2026.2.22`).
After npm `2026.2.22` is published, this advisory can be published directly without further metadata edits
OSV
OpenClaw's exec allowlist wrapper analysis did not unwrap env/shell dispatch chains
osv·2026-03-03
CVE-2026-27566 [HIGH] OpenClaw's exec allowlist wrapper analysis did not unwrap env/shell dispatch chains
OpenClaw's exec allowlist wrapper analysis did not unwrap env/shell dispatch chains
### Summary
`system.run` exec allowlist analysis treated wrapper binaries as the effective executable and did not fully unwrap `env`/shell-dispatch wrappers.
This allowed wrapper-smuggled payloads (for example `env bash -lc ...`) to satisfy an allowlist entry for the wrapper while executing non-allowlisted commands.
### Impact
On affected versions, an actor who can trigger `system.run` requests under an allowlist policy could bypass intended allowlist restrictions by routing execution through wrapper binaries.
### Affected Packages / Versions
- Package: `openclaw` (npm)
- Affected: `= 2026.2.22`).
After npm `2026.2.22` is published, this advisory can be published directly without further metadata edits
No detection rules found.
No public exploits indexed.
2026-03-19
Published