OpenClaw Authorization Bypass Vulnerability in Allowlist Mode Allowing Unapproved Command Execution

Vulnerability

An authorization bypass has been identified in OpenClaw versions prior to 2026.2.22. The issue arises in allowlist mode, where an 'allow-always' decision is persisted at the wrapper level rather than for the specific command that was approved, so later wrapped invocations carrying different payloads execute without approval. Attackers can exploit this by having a benign wrapped 'system.run' command approved with 'allow-always', which widens the trust boundary and lets arbitrary commands run on gateways and node hosts without further approval.

Impact

Exploitation of this vulnerability can lead to unauthorized execution of commands, bypassing approval processes and potentially allowing for remote code execution.

Reproduction

To reproduce this vulnerability, approve a wrapped 'system.run' command with 'allow-always' in 'security=allowlist' mode. This will persist the approval at the wrapper level, allowing for future executions of different payloads without additional approval.

Remediation

Users are advised to upgrade to OpenClaw version 2026.2.22 or later. If an immediate upgrade is not possible, consider running with a stricter execution policy until the upgrade can be performed.
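To make the defect described in the Vulnerability and Reproduction sections concrete, and to show what the "stricter execution policy" recommended above amounts to, the following is an added, constructed model of approval scoping. It is not OpenClaw's code: the approval-store layout, the wrapper names in SHELL_WRAPPERS and the command lines are assumptions. The vulnerable policy keys a persisted 'allow-always' on the wrapper program alone, so approving one benign `bash -c ...` covers every later `bash -c ...`; the fixed policy keys on the full command line and refuses to persist 'allow-always' for shell wrappers at all. An audit helper flags already-persisted entries that have the vulnerable shape.

```python
"""Toy model of 'allow-always' approval scoping for wrapped commands.

Constructed example, not OpenClaw's implementation. SHELL_WRAPPERS, the
store layout and the sample commands are assumptions used for illustration.
"""
from __future__ import annotations

from dataclasses import dataclass, field
from typing import Callable
import shlex

# Interpreters that take an arbitrary program on the command line. Approving
# the interpreter says nothing about what it will run next time. (Assumption.)
SHELL_WRAPPERS = {"sh", "bash", "zsh", "dash"}


def basename(path: str) -> str:
    return path.rsplit("/", 1)[-1]


def key_by_wrapper(argv: list[str]) -> str:
    """Vulnerable scoping: the persisted key is only the wrapper program."""
    return basename(argv[0])


def key_by_full_command(argv: list[str]) -> str:
    """Fixed scoping: the persisted key is the entire quoted command line."""
    return shlex.join([basename(argv[0]), *argv[1:]])


def is_shell_wrapper(argv: list[str]) -> bool:
    """True for `sh -c <program>`-style invocations whose payload is an argument."""
    return basename(argv[0]) in SHELL_WRAPPERS and "-c" in argv[1:]


@dataclass
class ApprovalPolicy:
    key_fn: Callable[[list[str]], str]
    persist_wrapped: bool              # may 'allow-always' be stored for `sh -c ...`?
    allowed: set[str] = field(default_factory=set)

    def approve(self, argv: list[str], allow_always: bool = False) -> bool:
        """Record an operator decision; return True if it was persisted."""
        if allow_always and (self.persist_wrapped or not is_shell_wrapper(argv)):
            self.allowed.add(self.key_fn(argv))
            return True
        return False                   # one-shot approval, nothing persisted

    def needs_approval(self, argv: list[str]) -> bool:
        return self.key_fn(argv) not in self.allowed


def vulnerable_policy() -> ApprovalPolicy:
    return ApprovalPolicy(key_by_wrapper, persist_wrapped=True)


def fixed_policy() -> ApprovalPolicy:
    return ApprovalPolicy(key_by_full_command, persist_wrapped=False)


# Constructed commands: the one an operator approves, and a later one that
# reuses the same wrapper with a different payload.
BENIGN = ["/bin/bash", "-c", "echo hello"]
OTHER = ["/bin/bash", "-c", "cat /etc/hostname"]


def later_payload_needs_approval(policy: ApprovalPolicy) -> bool:
    """Approve BENIGN with allow-always, then ask whether OTHER is gated."""
    policy.approve(BENIGN, allow_always=True)
    return policy.needs_approval(OTHER)


def audit_wrapper_level_entries(allowed: set[str]) -> list[str]:
    """Flag persisted entries that name only an interpreter (the vulnerable shape)."""
    hits = []
    for key in allowed:
        parts = shlex.split(key)
        if len(parts) == 1 and basename(parts[0]) in SHELL_WRAPPERS:
            hits.append(key)
    return sorted(hits)


if __name__ == "__main__":
    print("vulnerable: later payload gated?", later_payload_needs_approval(vulnerable_policy()))
    print("fixed:      later payload gated?", later_payload_needs_approval(fixed_policy()))
    print("audit:", audit_wrapper_level_entries({"bash", "uname -a"}))
```

Under the vulnerable policy the second payload runs unprompted; under the fixed policy it is gated again, and a plain non-wrapper command (for example `uname -a`) can still be allow-always'd on its exact command line. Running the audit over an existing approval store shows which persisted entries would need to be revoked while waiting for the upgrade.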

Added: Mar 23, 2026, 10:33 PM
Updated: Mar 23, 2026, 10:33 PM

Vulnerability Rating

Custom Algorithm

spread           0.0
impact          10.0
exploitability   6.6
remediation      0.0
relevance        4.6
threat           4.8
urgency          2.9
incentive        0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.