CVE-2026-44115
OpenClaw exec allowlist bypass via heredoc shell expansion
Publication date: 2026-05-06
Last updated on: 2026-05-07
Assigner: VulnCheck
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| openclaw | openclaw | before 2026.4.22 (2026.4.22 itself not affected) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-184 | The product implements a protection mechanism that relies on a list of inputs (or properties of inputs) that are not allowed by policy or otherwise require other action to neutralize before additional processing takes place, but the list is incomplete. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability affects OpenClaw versions before 2026.4.22. OpenClaw's exec allowlist analysis inspects a shell command before approving it to run, but the analysis did not account for how a POSIX shell treats heredocs: when the delimiter word is unquoted (`cat <<EOF ... EOF`), the shell performs parameter expansion on the body at execution time, whereas a quoted delimiter (`cat <<'EOF' ... EOF`) keeps the body literal. An attacker could therefore submit a command whose visible program is allowlisted while the unquoted heredoc body carries expansion tokens such as `$VAR`, `${VAR}`, `$?`, `$$`, `$1` or `$@` (and, since the shell also resolves command substitution in such bodies, `$(...)` or backticks). The approval check saw only harmless text, but the shell expanded those tokens at runtime, so behavior the allowlist was meant to block could be executed.
How can this vulnerability impact me?
An attacker who can submit commands to OpenClaw's exec facility can run commands the allowlist was meant to block: the visible command is an allowlisted program, but its unquoted heredoc body carries expansions that the shell resolves only at execution time. The result is unapproved command execution in whatever context OpenClaw executes commands, which can compromise the integrity, confidentiality, and availability of that system.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The vulnerability lets an attacker bypass allowlist validation and run unapproved commands at runtime. Such commands can read or exfiltrate any data the OpenClaw host can reach, so exposure of personal or sensitive information is a realistic consequence, even though the weakness itself is classified on this page as CWE-184 (an incomplete list of disallowed inputs) rather than as an information-disclosure weakness.
Exposure of personal or sensitive information bears on regulations such as GDPR and HIPAA, which require that such data be protected from unauthorized access or disclosure.
Organizations running vulnerable versions of OpenClaw therefore face an increased risk of non-compliance with those data protection regulations if the flaw is exploited.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection here is a static check on the command strings that OpenClaw processes for exec approval, not a network signature. For each heredoc operator (`<<` or `<<-`), determine whether the delimiter word is quoted; if it is not, search the body up to the terminator line for expansion tokens such as `$VAR`, `${VAR}`, `$?`, `$$`, `$1` and `$@`, as well as `$(...)` and backtick command substitution, which the shell also resolves in an unquoted heredoc body.
Concretely, review any scripts, approval records, or command history that OpenClaw has processed for unquoted heredocs containing such tokens. A quoted delimiter (`<<'EOF'`) means the body is literal and can be disregarded.
The resources on this page do not provide specific commands that detect this vulnerability directly on your network or system.
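As an added example (written for this page, not code from OpenClaw or from the page's resources), the JavaScript below implements the check just described: it finds heredoc operators in a command string, decides whether the delimiter word is quoted, and flags expansion tokens in unquoted bodies. It goes beyond the page's list of parameter expansions and also flags `$(...)` and backtick command substitution, which a POSIX shell expands in an unquoted heredoc as well. The `naiveApprove` and `hardenedApprove` functions, the `ALLOWLIST` contents, and the sample commands are illustrative assumptions, not OpenClaw's actual approval logic or configuration.

```javascript
// Added example, not OpenClaw's code: flag shell expansion tokens inside
// unquoted heredoc bodies, the pattern behind CVE-2026-44115.
// Assumptions: commands are plain strings; a heredoc terminator sits alone
// on its own line (leading tabs allowed after <<-).

// Tokens a POSIX shell expands in an unquoted heredoc body: ${...}, $(...),
// $NAME, the special parameters ($? $$ $1 $@ $* $# $! $- $0), and `...`.
const EXPANSION_RE =
  /\$(\{[^}]*\}|\([\s\S]*?\)|[A-Za-z_][A-Za-z0-9_]*|[0-9@*#?$!\-])|`[^`]*`/g;

// Characters that end an unquoted delimiter word.
const WORD_END = new Set([' ', '\t', ';', '|', '&', '<', '>', '(', ')']);

// Read the delimiter word after "<<" or "<<-". Any quoting of the word
// ('EOF', "EOF", \EOF, E'O'F) makes the body literal, per POSIX.
function parseDelimiter(line, i) {
  while (i < line.length && (line[i] === ' ' || line[i] === '\t')) i++;
  let delim = '';
  let quoted = false;
  while (i < line.length && !WORD_END.has(line[i])) {
    const c = line[i];
    if (c === "'" || c === '"') {
      const end = line.indexOf(c, i + 1);
      delim += end === -1 ? line.slice(i + 1) : line.slice(i + 1, end);
      i = end === -1 ? line.length : end + 1;
      quoted = true;
    } else if (c === '\\' && i + 1 < line.length) {
      delim += line[i + 1];
      i += 2;
      quoted = true;
    } else {
      delim += c;
      i++;
    }
  }
  return { delim, quoted, next: i };
}

// Every heredoc in a (possibly multi-line) command: delimiter, whether it
// was quoted, the 1-based line of the operator, and the raw body text.
function findHeredocs(command) {
  const lines = command.split('\n');
  const found = [];
  let ln = 0;
  while (ln < lines.length) {
    const line = lines[ln];
    const pending = [];
    let i = 0;
    while ((i = line.indexOf('<<', i)) !== -1) {
      // "<<<" is a here-string, not a heredoc; skip both of its "<<" overlaps.
      if (line[i + 2] === '<' || (i > 0 && line[i - 1] === '<')) { i += 1; continue; }
      let j = i + 2;
      const strip = line[j] === '-';          // <<- strips leading tabs
      if (strip) j++;
      const { delim, quoted, next } = parseDelimiter(line, j);
      if (delim) pending.push({ delim, quoted, strip, line: ln + 1 });
      i = next;
    }
    ln++;
    // Bodies follow the command line one after another, in operator order.
    for (const h of pending) {
      const body = [];
      while (ln < lines.length) {
        const raw = lines[ln++];
        const candidate = h.strip ? raw.replace(/^\t+/, '') : raw;
        if (candidate === h.delim) break;
        body.push(raw);
      }
      found.push({ ...h, body: body.join('\n') });
    }
  }
  return found;
}

// The check the page describes: expansion tokens in unquoted heredoc bodies.
function findUnquotedHeredocExpansions(command) {
  const findings = [];
  for (const h of findHeredocs(command)) {
    if (h.quoted) continue;                 // literal body, nothing to expand
    for (const token of h.body.match(EXPANSION_RE) || []) {
      findings.push({ line: h.line, delimiter: h.delim, token });
    }
  }
  return findings;
}

// Illustrative allowlist (an assumption, not OpenClaw's configuration).
const ALLOWLIST = new Set(['cat', 'tee', 'grep']);

// Vulnerable pattern: approve on the program name alone.
function naiveApprove(command) {
  const program = command.trim().split(/\s+/)[0];
  return { ok: ALLOWLIST.has(program), reason: `program ${program}` };
}

// Hardened pattern: same allowlist, plus refuse hidden expansions.
function hardenedApprove(command) {
  const base = naiveApprove(command);
  if (!base.ok) return base;
  const [hit] = findUnquotedHeredocExpansions(command);
  if (hit) return { ok: false, reason: `expansion ${hit.token} in unquoted heredoc at line ${hit.line}` };
  return base;
}

// Constructed sample commands (not taken from the advisory).
const SAMPLES = {
  benign: "cat <<'EOF'\nPath is $HOME and pid $$\nEOF",
  bypass: 'cat <<EOF\nPath is $HOME, owner $(id -un), pid $$\nEOF',
  stripped: 'tee /tmp/out <<-EOF\n\tvalue=${SECRET}\n\tEOF',
  herestring: "grep x <<< '$HOME'",
};

for (const [name, cmd] of Object.entries(SAMPLES)) {
  console.log(name, 'naive:', naiveApprove(cmd).ok, 'hardened:', hardenedApprove(cmd));
}
```

The scanner is deliberately conservative: a `<<` inside a quoted string or comment is treated as a heredoc operator, so it can over-flag but never under-flags a real unquoted heredoc. An approval path in production should sit on a full shell parser rather than this line-oriented scan, and the program-name allowlist here ignores `;`, `|` and `&&` chains entirely; it exists only to show how the heredoc check composes with an allowlist decision.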
What immediate steps should I take to mitigate this vulnerability?
The primary mitigation is to upgrade OpenClaw to version 2026.4.22 or later, where the issue is fixed.
- Upgrade OpenClaw to 2026.4.22 or newer; the patch blocks POSIX parameter expansions inside unquoted heredocs during shell approval analysis.
- Until the upgrade is applied, review allowlisted and pending exec commands for unquoted heredocs (`<<EOF`) whose bodies contain expansion tokens, and quote the delimiter (`<<'EOF'`) wherever the body is meant to be literal.
- Apply the updated package from npm or the official OpenClaw repository so that the stricter validation and handling of heredoc bodies is in effect.