Input validation error in OpenClaw - #VU132729

 


Published: May 29, 2026


Vulnerability identifier: #VU132729
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: N/A
CWE-ID: CWE-20
Exploitation vector: Local access
Exploit availability: No public exploit available
Vendor: OpenClaw
Affected software:
OpenClaw

Detailed vulnerability description

The vulnerability allows a local user to execute shell content outside the intended allowlist check.

The vulnerability exists due to improper input validation in the macOS Swift exec allowlist logic when processing command requests using combined POSIX inline-command flags. A local user can send a specially crafted command request to execute shell content outside the intended allowlist check.

Only instances where the affected feature is enabled and reachable are vulnerable. User interaction is required.
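The class of check described above, sketched in Swift as an added example; it is not OpenClaw's code, which this page does not show. The type and function names, the shell list, the assumed weak check and the sample requests are all constructed for the illustration.

```swift
// Added illustration; every name here is hypothetical, not OpenClaw's API.
let shells: Set<String> = ["sh", "bash", "zsh", "dash", "ksh"]

enum ShellPayload: Equatable {
    case notShell          // argv[0] is not a known shell
    case script            // shell started without the c flag
    case inline(String)    // command string the allowlist must evaluate
    case ambiguous         // options this parser does not model: deny
}

// Assumed weak form: only a standalone "-c" argument is recognised.
func naiveInline(_ argv: [String]) -> String? {
    guard let i = argv.firstIndex(of: "-c"), i + 1 < argv.count else { return nil }
    return argv[i + 1]
}

// Walks options as a POSIX shell does, so a cluster such as "-ec" still
// counts as the c flag and the following operand is the command string.
func classify(_ argv: [String]) -> ShellPayload {
    guard let exe = argv.first, let name = exe.split(separator: "/").last,
          shells.contains(String(name)) else { return .notShell }
    var sawC = false
    var i = 1
    while i < argv.count {
        let arg = argv[i]
        if arg == "--" || arg == "-" { i += 1; break }      // end of options
        if arg.hasPrefix("--") { return .ambiguous }         // long options: fail closed
        guard arg.hasPrefix("-") || arg.hasPrefix("+") else { break }
        let flags = arg.dropFirst()
        if arg.hasPrefix("-") && flags.contains("c") { sawC = true }
        if flags.contains("o") { i += 1 }                    // o consumes an option name
        i += 1
    }
    guard sawC else { return .script }
    return i < argv.count ? .inline(argv[i]) : .ambiguous
}

// Constructed sample requests with a harmless placeholder payload.
let samples = [
    ["/bin/sh", "-c", "echo hi"],
    ["/bin/sh", "-ec", "echo hi"],
    ["/bin/bash", "-o", "pipefail", "-c", "echo hi"],
    ["/bin/zsh", "build.sh"],
    ["/usr/bin/git", "status"],
]
for argv in samples {
    print(argv, "naive:", naiveInline(argv) ?? "nil", "hardened:", classify(argv))
}
```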


Remediation

Install the security update from the vendor's website.
