OpenClaw Allowlist Bypass Vulnerability in Wrapper Binary Unwrapping via system.run
Vulnerability
An allowlist bypass has been identified in OpenClaw versions prior to 2026.2.22. The issue is in the 'system.run' execution analysis, which does not fully unwrap environment and shell-dispatch wrapper chains before applying the allowlist. An attacker can therefore route a command through an allowlisted wrapper binary such as 'env' or 'bash': the allowlist check sees the wrapper and passes, while the wrapper's arguments execute a command that is not on the allowlist.
Impact
Successful exploitation bypasses the allowlist: a caller who is restricted to allowlisted commands can execute non-allowlisted commands under that policy.
Reproduction
To reproduce, send a 'system.run' request whose command starts with an allowlisted wrapper binary such as 'env' or 'bash' and whose remaining arguments (for example the string passed to a shell's '-c' option) name a command that is not on the allowlist. The allowlist check accepts the wrapper, and the wrapper then executes the disallowed command.
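The following is an added illustration of the flaw described in the Vulnerability and Reproduction sections; it is constructed example code, not OpenClaw's implementation, and it assumes nothing about OpenClaw's internal 'system.run' analysis beyond the behaviour the advisory describes. naive_check() models the vulnerable pattern (compare only argv[0] with the allowlist), and hardened_check() models the fix (peel 'env', shell '-c' and 'exec' layers, then apply the allowlist to the command that will actually run, refusing anything that cannot be resolved to a single simple command). The allowlist contents, the sample command strings and the set of wrappers handled are assumptions chosen for the example; other re-dispatching wrappers (nice, nohup, timeout, xargs, sudo) would need the same treatment.

```python
"""Constructed example (not OpenClaw code): argv[0]-only allowlisting versus
a checker that unwraps env / shell -c / exec wrapper chains."""
import shlex
from typing import List, Tuple

# Assumed allowlist. "env" and "bash" are present because that is the
# configuration the bypass relies on.
ALLOWLIST = {"env", "bash", "ls", "cat"}

SHELLS = {"sh", "bash", "dash", "zsh", "ksh"}
ENV_OPTS_WITH_ARG = {"-u", "--unset", "-C", "--chdir"}   # consume next argument
SHELL_META = set(";&|$`()<>{}\n*?[~")  # payload is not one simple command
MAX_DEPTH = 8                           # bound on nested wrapper layers


def _base(path: str) -> str:
    """Basename, so /usr/bin/env and env are the same binary to the policy."""
    return path.rsplit("/", 1)[-1]


def naive_check(command: str) -> bool:
    """Vulnerable pattern: only argv[0] is compared with the allowlist, so
    'env curl ...' or 'bash -c "curl ..."' pass as long as env/bash are allowed."""
    argv = shlex.split(command)
    return bool(argv) and _base(argv[0]) in ALLOWLIST


def unwrap(argv: List[str]) -> Tuple[List[str], bool]:
    """Peel wrapper layers until the effective command is reached.
    Returns (effective_argv, opaque). opaque=True means the real command cannot
    be determined statically (compound shell syntax, script file, interactive
    shell, unbounded nesting) and a strict allowlist must deny it."""
    for _ in range(MAX_DEPTH):
        if not argv:
            return argv, True
        head = _base(argv[0])

        if head == "env":
            i = 1
            while i < len(argv):
                a = argv[i]
                if a in ENV_OPTS_WITH_ARG:
                    i += 2
                elif a in ("-S", "--split-string"):
                    # env -S "cmd args" re-splits its argument into words
                    if i + 1 >= len(argv):
                        return argv, True
                    argv = shlex.split(argv[i + 1]) + argv[i + 2:]
                    i = 0
                    break
                elif a == "--":
                    i += 1
                    break
                elif a.startswith("-") or "=" in a:
                    i += 1                  # flag or NAME=VALUE assignment
                else:
                    break                   # first word of the wrapped command
            else:
                return ["env"], False       # bare 'env' only prints the environment
            argv = argv[i:] if i else argv  # i == 0 means -S already rewrote argv
            continue

        if head in SHELLS:
            payload = None
            i = 1
            while i < len(argv):
                a = argv[i]
                if a == "--":
                    break
                if a in ("-o", "+o", "-O", "+O"):
                    i += 2                  # option with an argument
                    continue
                if a.startswith("-") and not a.startswith("--") and "c" in a[1:]:
                    if i + 1 < len(argv):
                        payload = argv[i + 1]   # -c, -lc, -xc ... : next arg is the command
                    break
                if a.startswith("-"):
                    i += 1
                    continue
                break                       # script file or positional argument
            if payload is None or set(payload) & SHELL_META:
                return argv, True           # interactive shell, script, or compound command
            words = shlex.split(payload)
            while words and "=" in words[0] and not words[0].startswith("="):
                words.pop(0)                # leading VAR=value assignments
            argv = words
            continue

        if head == "exec":                  # shell builtin re-dispatch: exec curl ...
            argv = argv[1:]
            continue

        return argv, False
    return argv, True


def hardened_check(command: str) -> bool:
    """Fixed pattern: the policy is applied to the command that will actually run."""
    try:
        argv = shlex.split(command)
    except ValueError:
        return False                        # unbalanced quoting: refuse to guess
    effective, opaque = unwrap(argv)
    if opaque or not effective:
        return False
    return _base(effective[0]) in ALLOWLIST


if __name__ == "__main__":
    # Constructed system.run command strings; the first two have the bypass
    # shape described in the advisory, the rest are legitimate or ambiguous.
    for s in ["env FOO=1 curl http://example.invalid/x",
              "bash -c 'curl http://example.invalid/x'",
              "/usr/bin/env -i bash -c 'ls /tmp'",
              "bash -c 'ls /tmp; curl http://example.invalid/x'",
              "bash",
              "ls -la /tmp"]:
        print(f"{s!r:55} naive={naive_check(s)!s:5} hardened={hardened_check(s)}")
```

The design choice worth noting is that hardened_check() denies whatever it cannot resolve: a bare interactive shell, a shell running a script file, or a '-c' string containing pipes, separators or expansions all come back opaque, because an allowlist that has to guess what a shell will do is not an allowlist. Nested layers (env inside env, bash -c inside bash -c) are followed up to MAX_DEPTH, and anything deeper is likewise denied.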
Remediation
Users can update to OpenClaw version 2026.2.22 or later to address this vulnerability.
