CVE-2026-44115 affects OpenClaw versions before 2026.4.22, containing an exec allowlist analysis vulnerability. The flaw allows attackers to bypass allowlist validation by embedding shell expansion tokens in unquoted heredoc bodies. This enables execution of unapproved commands at runtime, potentially leading to unauthorized code execution. The vulnerability specifically targets the allowlist mechanism that is designed to prevent unauthorized command execution. Attackers can exploit this by hiding shell expansion within heredoc constructs that are not properly validated.