OpenClaw Exec Allowlist Bypass Vulnerability via Shell Init-File Options

A vulnerability allowing exec allowlist bypass has been identified in OpenClaw versions prior to 2026.3.31. This issue arises from the application's handling of shell init-file wrapper invocations, which can be exploited to load attacker-chosen initialization files while circumventing exec allowlist matching restrictions. Attackers can use shell options such as --rcfile, --init-file, and --startup-file to exploit this vulnerability, inheriting allowlist trust from approved script paths even after loading malicious initialization files.

Impact

Exploitation of this vulnerability leads to a bypass of exec allowlist restrictions, allowing attackers to execute scripts that would otherwise be blocked. This could potentially be used to execute arbitrary commands or scripts under certain conditions, depending on how the bypassed allowlist is applied.

Reproduction

To reproduce this vulnerability, use a version of OpenClaw prior to 2026.3.31 with exec allowlist or allow-always behavior enabled. Invoke a shell-wrapper command that includes --rcfile, --init-file, or --startup-file options, directing the shell to load a malicious initialization file. The exec allowlist matching will incorrectly treat this as a trusted execution, allowing the specified script to run while bypassing the intended restrictions.

Remediation

Users can upgrade to OpenClaw version 2026.3.31 or later to address this vulnerability.