CVE-2026-53855
Analyzed Analyzed - Analysis Complete

Inline-Eval Bypass in OpenClaw

Vulnerability report for CVE-2026-53855, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-06-16

Last updated on: 2026-06-18

Assigner: VulnCheck

Description

OpenClaw before 2026.4.2 contains an inline-eval bypass vulnerability allowing authenticated operators to weaken strict allowlist checks via shell positional parameters. Attackers can combine allowlisted tools with shell positional arguments to place inline-eval content in shell carriers outside intended allowlist rules, enabling execution of unapproved shell-provided content.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-06-16
Last Modified
2026-06-18
Generated
2026-07-07
AI Q&A
2026-06-16
EPSS Evaluated
2026-07-05
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
openclaw openclaw to 2026.4.2 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-184 The product implements a protection mechanism that relies on a list of inputs (or properties of inputs) that are not allowed by policy or otherwise require other action to neutralize before additional processing takes place, but the list is incomplete.
CWE-863 The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Compliance Impact

The provided information does not explicitly address the impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.

Executive Summary

CVE-2026-53855 is a vulnerability in OpenClaw versions before 2026.4.2 that allows authenticated operators to bypass strict inline-eval allowlist checks by exploiting shell positional parameters.

Attackers can combine allowlisted tools with shell positional arguments to place inline-eval content in shell carriers that are not covered by the allowlist rules, enabling execution of unapproved shell-provided content.

This issue arises from incomplete input validation and incorrect authorization, allowing command injection outside intended restrictions.

Impact Analysis

If exploited, this vulnerability can allow an attacker with authenticated operator access to execute unauthorized shell commands by bypassing strict allowlist rules.

This could lead to improper privilege management, improper access control, and execution of potentially harmful commands outside the intended security boundaries.

The impact depends on the operator's configuration and whether lower-trust input can reach the vulnerable path.

Mitigation Strategies

To mitigate the vulnerability in OpenClaw versions prior to 2026.4.2, you should take the following immediate steps:

  • Avoid allowlisting shell carrier patterns.
  • Require approval for shell wrappers until the system is patched.
  • Keep channel and tool allowlists as narrow as possible.
  • Avoid sharing Gateways between untrusted users.
  • Disable the affected feature if it is unnecessary.

Additionally, upgrading to OpenClaw version 2026.4.2 or later, where this vulnerability is patched, is recommended.

Detection Guidance

Detection of this vulnerability involves identifying usage of OpenClaw versions prior to 2026.4.2 and monitoring for command requests that combine allowlisted tools with shell positional arguments to bypass inline-eval checks.

Since the vulnerability exploits shell positional parameters to bypass allowlist checks, you can look for suspicious shell command executions that include positional parameters in contexts where strict allowlisting is expected.

Suggested commands to help detect potential exploitation attempts or vulnerable configurations include:

  • Check OpenClaw version installed: `openclaw --version` or check package manager for installed version.
  • Search logs for shell commands combining allowlisted tools with positional parameters, for example using grep: `grep -E '\b(tool1|tool2)\s+\$[0-9]+' /var/log/openclaw/*.log` replacing tool1, tool2 with your allowlisted tools.
  • Monitor running processes for suspicious shell wrappers or commands with positional parameters: `ps aux | grep -E '\b(tool1|tool2)\s+\$[0-9]+'`.

Additionally, review OpenClaw configuration to identify if shell carrier patterns are allowlisted and consider disabling the affected feature if not needed.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-53855. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart