
OpenClaw versions prior to 2026.2.23 contain an exec approval bypass vulnerability in allowlist mode where allow-always grants could be circumvented through unr…

Published:

17 March 2026 at 23:00:00

Alert date:

18 March 2026 at 03:01:38

Source:

nvd.nist.gov


Security Tools

OpenClaw versions prior to 2026.2.23 contain an execution approval bypass vulnerability in allowlist mode. Allow-always grants can be circumvented through unrecognized multiplexer shell wrappers, such as busybox and toybox sh -c commands. An attacker can invoke an arbitrary payload under the same multiplexer wrapper so that it satisfies a stored allowlist rule, effectively bypassing the intended execution restrictions. This is a significant security control bypass that could allow unauthorized code execution.
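The following sketch is an added illustration of the flaw class described above and of one way to close it; it is not OpenClaw's code. All function names, the grant store, and the sample commands are assumptions constructed for this example.

```javascript
// Binaries that dispatch to an applet named in the next argument.
const MULTIPLEXERS = new Set(["busybox", "toybox"]);
// Shells whose -c argument is itself a full command line.
const SHELLS = new Set(["sh", "ash", "bash", "dash"]);
const base = (p) => p.split("/").pop();

// Weak form: the allow-always grant is keyed on argv[0] only, so every
// command run under the same multiplexer matches the stored rule.
function naiveKey(argv) {
  return base(argv[0]);
}

// Hardened form: peel multiplexer prefixes, then bind a shell -c grant
// to the exact payload instead of to the wrapper.
function hardenedKey(argv) {
  let args = argv.slice();
  while (args.length > 1 && MULTIPLEXERS.has(base(args[0]))) {
    args = args.slice(1); // busybox sh -c X  ->  sh -c X
  }
  const exe = base(args[0]);
  if (SHELLS.has(exe)) {
    // Matches -c and combined short flags such as -ec.
    const i = args.findIndex((a) => /^-[A-Za-z]*c$/.test(a));
    if (i !== -1) return JSON.stringify([exe, "-c", args[i + 1] ?? ""]);
  }
  return exe;
}

// True when no stored allow-always grant covers this command.
function needsApproval(grants, argv, keyFn) {
  return !grants.has(keyFn(argv));
}

// Constructed sample: the user approved one command with allow-always,
// then a different payload arrives under the same wrapper.
const APPROVED = ["busybox", "sh", "-c", "ls /tmp"];
const LATER = ["busybox", "sh", "-c", "echo unreviewed"];

function demo() {
  const naiveGrants = new Set([naiveKey(APPROVED)]);
  const hardGrants = new Set([hardenedKey(APPROVED)]);
  return {
    naivePrompts: needsApproval(naiveGrants, LATER, naiveKey),      // false: bypass
    hardenedPrompts: needsApproval(hardGrants, LATER, hardenedKey), // true: re-prompt
    repeatPrompts: needsApproval(hardGrants, APPROVED, hardenedKey) // false: same command
  };
}
```

The hardened key still honours a repeat of the exact approved command, so the allow-always workflow keeps working while a changed payload falls back to a prompt.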

Technical details

Affected products:

OpenClaw

This article was created with the assistance of AI technology by Perceptive.
