Protection Mechanism Failure in OpenClaw - #VU132740

Published: May 29, 2026


Vulnerability identifier: #VU132740
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: N/A
CWE-ID: CWE-693
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: OpenClaw
Affected software:
OpenClaw

Detailed vulnerability description

The vulnerability allows a remote user to bypass configured argument restrictions and execute disallowed arguments for an allowlisted executable.

The vulnerability exists due to a protection mechanism failure in exec allowlist enforcement when processing exec requests on Linux or macOS gateways with allowlist mode enabled. A remote user can influence a tool-enabled agent into invoking an allowlisted executable with arguments that should have been blocked, thereby bypassing the configured argument restrictions and running disallowed arguments for an allowlisted executable.

This issue affects only deployments using tools.exec.security: "allowlist" where at least one allowlist entry uses argPattern. Windows is not affected, and path-only allowlist entries are not affected.


Remediation

Install the security update from the vendor's website.

Sources