OpenClaw Exec Allowlist Bypass Vulnerability Allowing Arbitrary Command Execution
Vulnerability
A command execution vulnerability has been identified in OpenClaw versions prior to 2026.2.2. This vulnerability allows attackers to bypass the exec approvals allowlist (which must be enabled) by injecting command substitution syntax, such as unescaped $() or backticks, into double-quoted strings. As a result, unauthorized commands can be executed.
Impact
Exploitation of this vulnerability allows for arbitrary command execution on the server where OpenClaw is running.
Reproduction
To reproduce this vulnerability, first ensure that the exec approvals allowlist feature is enabled in OpenClaw. Then, inject command substitution syntax (unescaped $() or backticks) into a double-quoted string within an otherwise allowlisted command. The allowlist parser rejects the command substitution, i.e. it does not treat it as a command of its own, so the command line passes the allowlist check, but the shell still expands the substitution when the command runs, bypassing the allowlist protection.
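The mechanism described above, as an added example that is not OpenClaw's own code: a minimal allowlist check that only inspects the first shell word (the weak pattern) beside a hardened variant that additionally refuses any command line in which $() or backtick substitution would still be expanded by a POSIX shell, that is, anywhere outside single quotes and not backslash-escaped. The function names, the allowlist contents and the sample command lines are constructed for this illustration.

```python
import shlex

# Constructed allowlist for the example; OpenClaw's real configuration is not shown here.
ALLOWED_BINARIES = {"echo", "ls", "cat"}


def has_live_command_substitution(cmdline: str) -> bool:
    """Return True if cmdline contains $(...) or `...` that a POSIX shell would
    expand. Double quotes do NOT protect against substitution, so the scan
    only treats single-quoted text and backslash-escaped characters as inert."""
    in_single = False
    in_double = False
    i = 0
    n = len(cmdline)
    while i < n:
        c = cmdline[i]
        if in_single:
            # Everything inside single quotes is literal, including $ and backtick.
            if c == "'":
                in_single = False
            i += 1
            continue
        if c == "\\":
            # A backslash neutralises the next character both unquoted and
            # inside double quotes (for $, `, ", \), so skip the pair.
            i += 2
            continue
        if c == '"':
            in_double = not in_double
        elif c == "'" and not in_double:
            in_single = True
        elif c == "`":
            return True
        elif c == "$" and i + 1 < n and cmdline[i + 1] == "(":
            return True
        i += 1
    return False


def naive_allowlist_check(cmdline: str, allowed: set[str] = ALLOWED_BINARIES) -> bool:
    """Weak pattern: tokenize, then compare only the first word against the
    allowlist. A quoted argument containing $(...) looks like a plain string
    to shlex, so the command passes even though the shell will run the
    substituted command."""
    argv = shlex.split(cmdline)
    return bool(argv) and argv[0] in allowed


def hardened_allowlist_check(cmdline: str, allowed: set[str] = ALLOWED_BINARIES) -> bool:
    """Hardened pattern: reject the whole command line if any substitution
    would survive to execution, then apply the first-word allowlist check."""
    if has_live_command_substitution(cmdline):
        return False
    return naive_allowlist_check(cmdline, allowed)


if __name__ == "__main__":
    # Constructed sample command lines illustrating the difference.
    samples = [
        'echo "hello $(whoami)"',   # substitution inside double quotes: still expands
        "echo 'hello $(whoami)'",   # single quotes: literal, safe
        'echo "\\$(whoami)"',       # escaped dollar: literal, safe
        "echo `whoami`",            # backtick form
        "ls -l /tmp",               # ordinary allowlisted command
        "rm -rf /tmp/x",            # binary not on the allowlist
    ]
    for s in samples:
        print(f"{s!r:32} naive={naive_allowlist_check(s)!s:5} hardened={hardened_allowlist_check(s)}")
```

The scan only covers the two substitution forms this advisory names; a production check should be combined with running commands without a shell (argv arrays, no string interpolation) so that no expansion step exists to bypass.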
Remediation
Users should update to OpenClaw version 2026.2.2 or later, where this vulnerability has been patched.
