OpenClaw Command Injection Vulnerability in System.run Shell-Wrapper

Vulnerability

A command injection vulnerability has been identified in OpenClaw versions prior to 2026.2.24. It resides in the system.run shell-wrapper: an attacker can execute hidden commands by injecting positional arguments after an inline shell payload. Exploitation relies on crafting misleading approval text that obscures the commands actually executed, because the approval display context is not properly validated against the full command that runs.

Impact

Exploitation of this vulnerability allows for arbitrary command execution, with the executed commands being hidden under deceptive approval text.

Reproduction

To reproduce this vulnerability, use a version of OpenClaw prior to 2026.2.24. Inject positional arguments into the system.run command after an inline shell payload, such as 'bash -c'. The injected arguments can be used to execute additional commands, bypassing the approval display context.
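The defender-side check implied by the description above, as an added example that is not OpenClaw's code: an approval layer should render the complete argv, not just the inline script, and should flag any positional arguments that follow a `-c` script, since those become `$0`, `$1`, ... inside the script and are otherwise invisible to the approver. The shell list, the `-lc`-style flag handling and the sample argv are constructed assumptions for this example; nothing here reflects how OpenClaw's system.run or its fix is implemented.

```python
import os
import shlex
from dataclasses import dataclass, field
from typing import List, Optional

# Shells whose "-c SCRIPT" form accepts further arguments that become the
# script's positional parameters ($0, $1, ...). Constructed list for this
# example; extend it to whatever wrappers your own tooling permits.
INLINE_SHELLS = {"sh", "bash", "dash", "zsh", "ksh"}


@dataclass
class ApprovalCheck:
    display: str                          # full argv rendered for the approver
    inline_script: Optional[str] = None   # the script passed via -c, if any
    positional_args: List[str] = field(default_factory=list)

    @property
    def has_hidden_args(self) -> bool:
        """True when arguments trail the inline script."""
        return bool(self.positional_args)


def _is_inline_shell(argv0: str) -> bool:
    return os.path.basename(argv0) in INLINE_SHELLS


def _find_inline_script(argv: List[str]) -> Optional[int]:
    """Return the index of the inline script in `shell [opts] -c SCRIPT ...`,
    or None if argv is not that form. Bundled flags such as `-lc` are handled;
    a bare `--` before any -c ends option parsing, so no inline script exists."""
    for i in range(1, len(argv)):
        arg = argv[i]
        if arg == "--":
            return None
        if arg.startswith("-") and not arg.startswith("--") and "c" in arg[1:]:
            return i + 1 if i + 1 < len(argv) else None
    return None


def script_only_display(argv: List[str]) -> str:
    """The weak rendering: shows only the -c script, so anything after it
    never reaches the approver's eyes."""
    idx = _find_inline_script(argv) if argv and _is_inline_shell(argv[0]) else None
    return argv[idx] if idx is not None else shlex.join(argv)


def inspect_command(argv: List[str]) -> ApprovalCheck:
    """Hardened rendering: show the complete argv, quoted unambiguously, and
    surface positional arguments that trail an inline shell script."""
    display = shlex.join(argv)
    if not argv or not _is_inline_shell(argv[0]):
        return ApprovalCheck(display=display)
    idx = _find_inline_script(argv)
    if idx is None:
        return ApprovalCheck(display=display)
    return ApprovalCheck(
        display=display,
        inline_script=argv[idx],
        positional_args=argv[idx + 1:],
    )


if __name__ == "__main__":
    # Constructed sample: under the script-only rendering the approver sees
    # just `echo hello`, while two further arguments ride along unseen.
    sample = ["bash", "-c", "echo hello", "extra", "id"]
    print("script-only view :", script_only_display(sample))
    check = inspect_command(sample)
    print("full view        :", check.display)
    if check.has_hidden_args:
        print("ESCALATE         : positional args after -c:", check.positional_args)
```

The policy decision that matters is what to do when `has_hidden_args` is true: either refuse the command outright or require the approver to see every trailing argument alongside the script. Showing only the `-c` string is exactly the display gap the advisory describes.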

Remediation

Users can update to OpenClaw version 2026.2.24 or later, where this vulnerability has been patched.

Added: Mar 21, 2026, 1:30 AM
Updated: Mar 21, 2026, 1:30 AM

Vulnerability Rating

Custom Algorithm

spread:         0.0
impact:         7.5
exploitability: 5.4
remediation:    0.0
relevance:      4.2
threat:         4.8
urgency:        2.9
incentive:      0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.