OpenClaw macOS Companion App Allowlist Parsing Mismatch Vulnerability
Vulnerability
A vulnerability exists in OpenClaw versions prior to 2026.2.22 within the macOS companion app. This vulnerability allows authenticated operators to bypass execution approval checks. Operators with 'operator.write' privileges and a paired macOS beta node can create shell-chain payloads that exploit incomplete allowlist validation, enabling the execution of arbitrary commands on the connected host.
Impact
Exploitation of this vulnerability could lead to unauthorized command execution on the paired macOS host.
Reproduction
To reproduce this vulnerability, an authenticated operator with 'operator.write' privileges must pair a macOS beta node with their OpenClaw installation. Once paired, the operator can craft shell-chain payloads that bypass the allowlist validation in the 'system.run' command, taking advantage of the flawed parsing in the exec approval process.
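As an added illustration (not OpenClaw's code, which the advisory does not show), the following contrasts a hypothetical allowlist check that compares only the first word of a command line, the kind of incomplete validation a shell chain slips past, with a hardened check that tokenizes the whole line as a POSIX shell would, refuses control operators and substitutions, and returns an argv meant for an exec call that never goes through a shell. The allowlist contents and program names are constructed.

```python
import shlex
from typing import List, Optional

# Constructed allowlist for illustration only; the real allowlist is not on the page.
ALLOWED_PROGRAMS = {"ls", "cat", "uname"}

# Characters shlex groups into operator tokens when punctuation_chars=True.
SHELL_PUNCTUATION = "();<>|&"


def first_token_check(cmdline: str) -> bool:
    """Hypothetical incomplete check: only the first word is compared against the
    allowlist, so whatever follows a ';', '&&', '||' or '|' is never inspected."""
    words = cmdline.split()
    return bool(words) and words[0] in ALLOWED_PROGRAMS


def is_shell_operator(tok: str) -> bool:
    """True for unquoted operator tokens such as ';', '&&', '|', '>', '>&', '('."""
    return tok != "" and all(c in SHELL_PUNCTUATION for c in tok)


def whole_command_check(cmdline: str) -> Optional[List[str]]:
    """Hardened check: parse the full line with shell-like quoting rules, refuse any
    chaining, grouping, redirection or substitution, and require the single program
    to be allowlisted. Returns argv for subprocess.run(argv) with no shell, or None."""
    lexer = shlex.shlex(cmdline, posix=True, punctuation_chars=True)
    lexer.whitespace_split = True
    try:
        tokens = list(lexer)
    except ValueError:          # unbalanced quotes: refuse rather than guess
        return None
    if not tokens:
        return None
    for tok in tokens:
        if is_shell_operator(tok):
            return None         # ';', '&&', '|', '2>&1', '(...)' etc.
        if "$" in tok or "`" in tok:
            return None         # conservative: no parameter or command substitution
    if tokens[0] not in ALLOWED_PROGRAMS:
        return None
    # Quoted arguments are safe here because argv is handed to exec directly,
    # never re-parsed by /bin/sh.
    return tokens
```

The point of the contrast is that the check and the executor must agree on how the command line is split; validating a different parse than the one the shell performs is exactly the mismatch class the advisory describes.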
Remediation
Update to OpenClaw version 2026.2.22 or later, where this vulnerability has been patched.
