OpenClaw Path Validation Bypass Vulnerability in Exec-Approval Allowlist Mode on macOS
Vulnerability
A path validation bypass vulnerability has been identified in OpenClaw versions prior to 2026.2.22 on macOS. This vulnerability exists in the exec-approval allowlist mode, where basename-only allowlist entries can be exploited by local attackers to execute unauthorized binaries. When the 'security' setting is configured to 'allowlist' and 'ask' is set to 'on-miss', attackers can run local binaries with the same name, such as './echo', without proper approval. This bypasses the intended path-based policy restrictions, allowing unauthorized execution of commands.
Impact
Exploitation of this vulnerability could lead to unauthorized execution of binaries, bypassing established security allowlists and potentially allowing malicious actions to be performed under the guise of trusted commands.
Reproduction
To reproduce this vulnerability, configure OpenClaw on macOS to use the exec-approval allowlist feature with 'security=allowlist' and 'ask=on-miss'. Add a basename-only allowlist entry for a command such as 'echo'. Then, execute a local binary with the same name, like './echo'. The command will run without approval, demonstrating the path validation bypass.
Remediation
Users can update to OpenClaw version 2026.2.22 or later, which enforces path-only allowlist matching, removes basename fallback, and migrates legacy basename entries to their last-resolved paths when available.
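The following is an added example, not OpenClaw's own code: a small model of an exec-approval allowlist matcher that shows why a basename-only entry such as `echo` is matched by a local `./echo` in the vulnerable mode described above, and the path-only matching plus basename-entry migration that the remediation describes. The function names, the `"allow"`/`"ask"` decision shape used to model `security=allowlist` with `ask=on-miss`, and the throwaway sandbox directory layout are all assumptions for illustration.

```python
"""Added example (not OpenClaw's own code): a minimal model of an exec-approval
allowlist matcher, showing why a basename-only entry such as 'echo' is matched
by a local './echo', and the path-only matching the fix adopts. Function names,
the policy shape and the sandbox layout are assumptions for illustration."""
import os
import shutil
import tempfile
from typing import Dict, List, Optional


def resolve_command(cmd: str, cwd: str, path_dirs: List[str]) -> Optional[str]:
    """Return the absolute, symlink-free path the shell would execute for cmd.
    A command containing '/' (e.g. './echo') is taken relative to cwd and is
    never looked up on PATH; a bare name is searched on path_dirs in order."""
    if "/" in cmd:
        candidates = [os.path.join(cwd, cmd)]
    else:
        candidates = [os.path.join(d, cmd) for d in path_dirs]
    for c in candidates:
        if os.path.isfile(c) and os.access(c, os.X_OK):
            return os.path.realpath(c)
    return None


def legacy_decision(cmd: str, allowlist: List[str], cwd: str, path_dirs: List[str]) -> str:
    """Pre-fix behaviour as the advisory describes it (security=allowlist,
    ask=on-miss): absolute entries are compared by resolved path, but a
    basename-only entry falls back to comparing the command's basename, so
    './echo' matches the entry 'echo' and runs without approval."""
    resolved = resolve_command(cmd, cwd, path_dirs)
    for entry in allowlist:
        if os.path.isabs(entry):
            if resolved == os.path.realpath(entry):
                return "allow"
        elif os.path.basename(cmd) == entry:  # basename fallback: the bypass
            return "allow"
    return "ask"


def hardened_decision(cmd: str, allowlist: List[str], cwd: str, path_dirs: List[str]) -> str:
    """Path-only matching: the command is resolved to the real path that would
    execute and must equal an absolute allowlist entry; basename entries are
    ignored, so './echo' in a writable directory is a miss and triggers 'ask'."""
    resolved = resolve_command(cmd, cwd, path_dirs)
    if resolved is None:
        return "ask"
    allowed_paths = {os.path.realpath(e) for e in allowlist if os.path.isabs(e)}
    return "allow" if resolved in allowed_paths else "ask"


def migrate_basename_entries(allowlist: List[str], last_resolved: Dict[str, str]) -> List[str]:
    """Migrate legacy basename entries to their last-resolved absolute path when
    one is recorded; an entry with no recorded resolution is dropped rather than
    kept as a basename, since keeping it would keep the bypass."""
    migrated = []
    for entry in allowlist:
        if os.path.isabs(entry):
            migrated.append(entry)
        elif entry in last_resolved:
            migrated.append(last_resolved[entry])
    return migrated


def demo() -> Dict[str, object]:
    """Build a throwaway sandbox (constructed, not a real system): a trusted
    bin/echo on PATH and a look-alike work/echo in the working directory,
    then compare the legacy and hardened decisions for the same commands."""
    root = os.path.realpath(tempfile.mkdtemp(prefix="allowlist-demo-"))
    try:
        bin_dir = os.path.join(root, "bin")
        work = os.path.join(root, "work")
        os.makedirs(bin_dir)
        os.makedirs(work)
        trusted = os.path.join(bin_dir, "echo")
        lookalike = os.path.join(work, "echo")
        for p in (trusted, lookalike):
            with open(p, "w") as f:
                f.write("#!/bin/sh\n")  # inert placeholder script
            os.chmod(p, 0o755)

        legacy_allowlist = ["echo"]  # basename-only entry
        migrated = migrate_basename_entries(legacy_allowlist, {"echo": trusted})
        return {
            "legacy_local": legacy_decision("./echo", legacy_allowlist, work, [bin_dir]),
            "hardened_local": hardened_decision("./echo", migrated, work, [bin_dir]),
            "hardened_path": hardened_decision("echo", migrated, work, [bin_dir]),
            "migrated": migrated == [trusted],
        }
    finally:
        shutil.rmtree(root, ignore_errors=True)


if __name__ == "__main__":
    print(demo())
```

Running `demo()` yields `"allow"` for `./echo` under the legacy matcher but `"ask"` under the hardened one, while the trusted `echo` resolved from PATH is still allowed, and the legacy `echo` entry is migrated to its last-resolved absolute path. The design point is that the hardened matcher compares only fully resolved paths on both sides, so a same-named binary in a writable directory can never satisfy an entry that names a different file.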