SB2026050452 - Multiple vulnerabilities in OpenClaw
Published: May 4, 2026
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 5 vulnerabilities.
1) OS Command Injection (CVE-ID: CVE-2026-27209)
CWE-ID: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:H/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote user to execute unexpected shell commands.
The vulnerability exists due to command injection in the shell allowlist analyzer in src/infra/exec-approvals-analysis.ts when processing unquoted heredoc bodies in allowlisted exec commands. A remote user can supply a crafted unquoted heredoc containing expansion tokens to execute unexpected shell commands.
Only deployments with exec enabled in security=allowlist mode are vulnerable; standard default installations are not affected.
2) Missing Authorization (CVE-ID: CVE-2026-27158)
CWE-ID: CWE-862 - Missing Authorization
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote user to bypass JID authorization restrictions for reaction targeting.
The vulnerability exists due to missing authorization in the WhatsApp reaction action when handling reaction requests with a forged chatJid and a valid messageId. A remote user can submit a crafted reaction request to bypass JID authorization restrictions for reaction targeting.
The issue is limited to reaction actions in allowFrom-restricted WhatsApp workflows.
3) Input validation error (CVE-ID: CVE-2026-27159)
CWE-ID: CWE-20 - Improper input validation
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to cause increased resource consumption.
The vulnerability exists due to improper input validation in the tts model directive handling when processing model-generated TTS directives. A remote attacker can influence a reply to include a crafted provider override directive to cause increased resource consumption.
Exploitation requires multiple TTS providers to be configured.
4) Code Injection (CVE-ID: CVE-2026-27165)
CWE-ID: CWE-94 - Improper Control of Generation of Code ('Code Injection')
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to inject attacker-controlled prompt text into the LLM context.
The vulnerability exists due to improper input validation in src/acp/event-mapper.ts when interpolating ACP resource_link metadata into prompt text. A remote attacker can supply crafted title or uri fields to inject attacker-controlled prompt text into the LLM context.
5) Resource exhaustion (CVE-ID: CVE-2026-27164)
CWE-ID: CWE-400 - Resource exhaustion
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to cause increased resource consumption.
The vulnerability exists due to uncontrolled resource consumption in src/agents/pi-embedded-runner/run.ts when processing adversarial overflow inputs. A remote attacker can trigger repeated overflow recovery retries to cause increased resource consumption.
Successful tool-result truncation resets the overflow retry counter while truncation itself remains a one-shot action, which preserves eventual termination but amplifies bounded retry and cost cycles.
Remediation
Install update from vendor's website.
References
- https://github.com/openclaw/openclaw/security/advisories/GHSA-65rx-fvh6-r4h2
- https://github.com/openclaw/openclaw/commit/92cada2acad80b05e3d2f89913d4a7ed5fd43499
- https://github.com/openclaw/openclaw/security/advisories/GHSA-2prf-9cw7-fq62
- https://github.com/openclaw/openclaw/commit/e217f8c3f772dc1bb57fb8c920711eb8feff5cd4
- https://github.com/openclaw/openclaw/security/advisories/GHSA-xwcr-v472-8hhr
- https://github.com/openclaw/openclaw/commit/f265d458403d31e510e73026852ed3d512a9ee01
- https://github.com/openclaw/openclaw/security/advisories/GHSA-74xj-763f-264w
- https://github.com/openclaw/openclaw/commit/6aa11f30924ee08d0e6f36ede4877e44c553b984
- https://github.com/openclaw/openclaw/security/advisories/GHSA-x2g4-7mj7-2hhj
- https://github.com/openclaw/openclaw/commit/084f6210255da3ad3f2129ccfcfc84a094e10094