princezuda SafestClaw Shell Command Allowlist Bypass Vulnerability

Vulnerability

A command-execution policy bypass vulnerability has been identified in princezuda SafestClaw versions through 4.2.4. The issue resides in the built-in web interface's shell action, specifically within the command validation function. The vulnerability allows local execution of denied commands by exploiting an incomplete allowlist. When a command is sent through the web interface, the parser extracts it and forwards it to the shell action without proper validation of the effective executable. This oversight enables the invocation of blocked interpreters, such as bash, by wrapping them in approved commands like 'env'. As a result, the bypassed command executes with the same privileges as the SafestClaw process, potentially accessing sensitive files, environment variables, and network resources.

Impact

Exploitation of this vulnerability bypasses the intended command approval process, allowing unauthorized execution of shell commands. This could lead to unauthorized access or manipulation of system resources, files, and environment variables, as well as network capabilities, depending on the executed command.

Reproduction

The vulnerability can be reproduced by sending a command through the SafestClaw web interface's message API that includes 'env' followed by a blocked interpreter command, such as 'bash -c id'. This command will be executed despite bash being explicitly disallowed, demonstrating the allowlist bypass.

Added: Jul 18, 2026, 5:24 PM
Updated: Jul 18, 2026, 5:24 PM

Vulnerability Rating

Custom Algorithm
spread
0.0
impact
7.5
exploitability
4.6
remediation
0.0
relevance
10.0
threat
6.4
urgency
2.9
incentive
0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.