OpenClaw Allowlist Bypass Vulnerability in System Run Guardrails
Vulnerability
A vulnerability allowing allowlist bypass in OpenClaw has been identified in versions prior to 2026.2.23. The issue resides in the 'system.run' guardrails, where authenticated operators can execute unintended commands. The vulnerability arises when '/usr/bin/env' is allowlisted: operators can use 'env -S' to bypass policy analysis and execute shell wrapper payloads at runtime, because the policy judges the allowlisted program while 'env' itself decides what actually runs.
Impact
Exploitation of this vulnerability allows authenticated operators to bypass allowlist policies and execute unintended commands, potentially leading to unauthorized actions or command executions within the application.
Reproduction
To reproduce this vulnerability, an authenticated operator must first ensure that '/usr/bin/env' is allowlisted. Then, they can use the 'env -S' option to send shell payloads that will be executed at runtime, bypassing the intended policy safeguards.
Remediation
Users can update to OpenClaw version 2026.2.23 or later, where this vulnerability has been patched.
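The following is an added example, not OpenClaw's code, of a simplified allowlist check for a hypothetical 'system.run' guardrail: the weak rule admits any command whose program is the allowlisted '/usr/bin/env', while the hardened rule resolves what env would actually execute and refuses '-S'/'--split-string', whose argument is re-tokenised into a command line the policy never analysed. The allowlist, the PATH lookup table and the sample argv values are constructed for the example.

```python
import os

# Constructed for this example: absolute paths the guardrail permits.
ALLOWLIST = {"/usr/bin/env", "/usr/bin/ls", "/usr/bin/cat"}
# Constructed PATH lookup standing in for shutil.which(), so the example runs offline.
PATH_LOOKUP = {"ls": "/usr/bin/ls", "cat": "/usr/bin/cat", "sh": "/bin/sh", "env": "/usr/bin/env"}

def naive_is_allowed(argv):
    """Weak rule: only argv[0] is checked, so an allowlisted env runs whatever its arguments name."""
    return bool(argv) and argv[0] in ALLOWLIST

def unwrap_env(argv):
    """Return the command env would exec after its options and NAME=VALUE assignments,
    or None when that is not statically knowable (-S re-tokenises text the policy never saw)."""
    args = list(argv[1:])
    while args:
        a = args.pop(0)
        if a == "--":                             # explicit end of options
            break
        if a.startswith("--"):
            if a.startswith("--split-string"):
                return None
            continue                              # --ignore-environment, --null, ...
        if a.startswith("-"):                     # short option cluster, e.g. -i, -iS, -u NAME
            for i, ch in enumerate(a[1:]):
                if ch == "S":
                    return None
                if ch in "uC":                    # -u NAME / -C DIR consume a value
                    if i == len(a) - 2 and args:  # value is the next argument
                        args.pop(0)
                    break                         # an attached value ends the cluster
            continue
        if "=" in a:                              # environment assignment
            continue
        args.insert(0, a)                         # first non-option: the command
        break
    return args or None                           # bare env runs nothing: deny

def hardened_is_allowed(argv):
    """Hardened rule: resolve what will actually execute before consulting the allowlist,
    recursing through env so that env-of-env cannot hide a wrapper either."""
    if not argv or argv[0] not in ALLOWLIST:
        return False
    if os.path.basename(argv[0]) != "env":
        return True
    inner = unwrap_env(argv)
    if inner is None:                             # -S / --split-string: cannot analyse, deny
        return False
    cmd = inner[0] if inner[0].startswith("/") else PATH_LOOKUP.get(inner[0], inner[0])
    return hardened_is_allowed([cmd, *inner[1:]])
```

The same reasoning applies to any allowlisted program that launches other programs from its arguments (nice, nohup, timeout, xargs, shells); the safe default is to resolve the effective command before the policy decision, and to deny when that cannot be determined.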
