CVE-2026-27487
OS Command Injection in OpenClaw macOS Keychain Credential Refresh
Publication date: 2026-02-21
Last updated on: 2026-02-23
Assigner: GitHub, Inc.
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| openclaw | openclaw | to 2026.2.14 (exc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-78 | The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component. |
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
Can you explain this vulnerability to me?
CVE-2026-27487 is a high-severity OS command injection (CWE-78) in the OpenClaw personal AI assistant on macOS, affecting versions before 2026.2.14 (2026.2.13 and earlier).
The flaw is in the Claude CLI keychain credential refresh path: when refreshed OAuth token data is written back into the macOS Keychain, OpenClaw built a shell command string around `security add-generic-password -w ...` and handed it to a shell for execution.
OAuth token values are externally supplied, attacker-influenceable data, and they were interpolated into that string without neutralising shell metacharacters, so a token containing a command substitution such as `$(...)` or backticks `` `...` `` was expanded by the shell before `security` ever ran.
This allows arbitrary command execution with the privileges of the user running the OpenClaw CLI.
Version 2026.2.14 fixes the issue by replacing the shell-based `execSync` call with `execFileSync`, which invokes the `security` binary directly and passes each argument as a separate array element; no shell parses the token, so metacharacters in it are inert.
How can this vulnerability impact me?
This vulnerability can lead to unauthorized execution of arbitrary commands on your macOS system with the privileges of the OpenClaw user.
An attacker controlling OAuth token values could exploit this to execute malicious shell commands, potentially leading to:
- Unauthorized access to sensitive data stored on the system.
- Modification or corruption of data and credentials.
- Partial denial of service or disruption of availability.
The CVSS v3.1 base score of 7.6 reflects high confidentiality and integrity impacts, with low availability impact.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability is OS command injection through the macOS `security add-generic-password` command that OpenClaw's Claude CLI keychain credential refresh runs. The first detection step is inventory: find macOS hosts running an affected OpenClaw build (2026.2.13 and earlier, i.e. anything below 2026.2.14).
Beyond version checks, detection means auditing how `security` is invoked. On an unpatched build the whole command line passes through a shell, so an exploitation attempt shows up as a `security add-generic-password` invocation (or the shell spawning it) whose arguments contain metacharacters such as `$(`, backticks, `;` or `|`, or as unexpected child processes spawned from that shell.
Suggested checks for the presence of a vulnerable build or signs of exploitation:
- Check the installed OpenClaw version (`openclaw --version`, or the version recorded by whatever package manager installed it) and confirm it is 2026.2.14 or later.
- Look for `security` or `openclaw` processes (`ps aux | grep security`, `ps aux | grep openclaw`); note that the `security` call is short-lived, so a one-off process snapshot is unlikely to catch it and mainly confirms that OpenClaw is present and running.
- Audit shell command invocations for suspicious token patterns by reviewing logs or using system auditing tools to find command lines containing `$(` or backticks.
- Use macOS auditing or endpoint monitoring to record executions of `security add-generic-password` and inspect the arguments for metacharacters or for a `-w` value that does not look like a plausible token.
Note that no specific detection commands or scripts are provided in the available resources.
What immediate steps should I take to mitigate this vulnerability?
The primary mitigation step is to upgrade OpenClaw to version 2026.2.14 or later, where the vulnerability has been fixed.
The fix replaces the vulnerable shell command execution using `execSync` with a safer direct binary invocation using `execFileSync`, which prevents shell injection by passing arguments as literal strings rather than shell-interpreted commands.
Additional immediate steps include:
- Do not run affected OpenClaw versions (2026.2.13 and earlier) on macOS systems.
- If upgrading is not immediately possible, restrict or monitor use of the Claude CLI keychain credential refresh functionality until the patched build is deployed.
- As a stopgap only, audit OAuth token values reaching the refresh path and reject any containing shell metacharacters; input filtering does not replace removing the shell from the invocation.
- Monitor for suspicious executions of the `security` command, as described under detection above.
Ultimately, upgrading to the fixed version is the recommended and most effective mitigation.