CVE-2026-22179
MEDIUM WAF: High
CVSS 6.6
Published: 2026-03-18
CWE-78
OpenClaw versions prior to 2026.2.22 in macOS node-host system.run contain an allowlist bypass vulnerability that allows remote attackers to execute non-allowlisted commands by exploiting improper parsing of command substitution tokens. Attackers can craft shell payloads with command substitution syntax within double-quoted text to bypass security restrictions and execute arbitrary commands on the system.
WAF Coverage Analysis
OS Command Injection
High WAF Coverage
OWASP: A03:2021 Injection
932xxx - Remote Code Execution
Affected Software
| Vendor | Product | Version |
|---|---|---|
| openclaw | openclaw | up to 2026.2.22 |
References
- github.com (Patch)
- github.com (Exploit, Vendor Advisory)
- www.vulncheck.com (Third Party Advisory)