Incorrect authorization in OpenClaw - #VU132698

 


Published: May 29, 2026


Vulnerability identifier: #VU132698
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: N/A
CWE-ID: CWE-863
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: OpenClaw
Affected software:
OpenClaw

Detailed vulnerability description

The vulnerability allows a remote user to execute unintended shell operations.

The vulnerability exists due to incorrect authorization in the exec approval display and binding when handling oversized exec commands in the approval view. A remote user can create a pending host exec request with a command long enough to be truncated in the approval view and, once the request is approved, execute unintended shell operations.

This affects deployments where exec approval is enabled. User interaction is required, because an approver must approve the request.
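As an added illustration (not OpenClaw's code; the names and the display limit are hypothetical), a minimal exec-approval gate contrasts the weak pattern this description implies, where the approval is bound to the truncated display text while the full command runs, with a hardened pattern that binds the approval to a digest of exactly what the approver saw and fails closed whenever the full command differs from it.

```python
import hashlib
from dataclasses import dataclass

DISPLAY_LIMIT = 80  # hypothetical width of the compact approval view


@dataclass(frozen=True)
class PendingExec:
    request_id: str
    command: str  # full command as submitted, possibly longer than the view


def truncate_for_display(command: str, limit: int = DISPLAY_LIMIT) -> str:
    return command if len(command) <= limit else command[:limit]


def digest(text: str) -> str:
    return hashlib.sha256(text.encode("utf-8")).hexdigest()


# Weak pattern: the approval stores what was shown, and execution only checks
# that the full command begins with it, so any tail beyond the display limit
# runs without the approver ever having seen it.
def approve_weak(req: PendingExec) -> dict:
    return {"request_id": req.request_id, "shown": truncate_for_display(req.command)}


def execute_weak(req: PendingExec, approval: dict, run) -> bool:
    if approval["request_id"] != req.request_id:
        return False
    if not req.command.startswith(approval["shown"]):
        return False
    run(req.command)
    return True


# Hardened pattern: the approval binds a digest of exactly the text the approver
# saw, and execution recomputes the digest over the full command. If the view
# elided anything, the digests differ and execution fails closed; the caller
# must then present the complete command (e.g. an expanded view) and re-approve.
def approve_hardened(req: PendingExec) -> dict:
    shown = truncate_for_display(req.command)
    return {"request_id": req.request_id, "approved_digest": digest(shown)}


def execute_hardened(req: PendingExec, approval: dict, run) -> bool:
    if approval["request_id"] != req.request_id:
        return False
    if approval["approved_digest"] != digest(req.command):
        return False
    run(req.command)
    return True
```

The same digest check also rejects a request whose command was altered after approval, since the recorded digest no longer matches what is about to run.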


Remediation

Install security update from vendor's website.

Sources