Vulnerability Description
OpenClaw versions prior to 2026.2.22 in macOS node-host system.run contain an allowlist bypass vulnerability that allows remote attackers to execute non-allowlisted commands by exploiting improper parsing of command substitution tokens. Attackers can craft shell payloads with command substitution syntax within double-quoted text to bypass security restrictions and execute arbitrary commands on the system.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Openclaw | Openclaw | < 2026.2.22 |
Related Weaknesses (CWE)
References
- https://github.com/openclaw/openclaw/commit/90a378ca3a9ecbf1634cd247f17a35f4612cPatch
- https://github.com/openclaw/openclaw/security/advisories/GHSA-9p38-94jf-hgjjExploitVendor Advisory
- https://www.vulncheck.com/advisories/openclaw-allowlist-bypass-via-command-substThird Party Advisory
FAQ
What is CVE-2026-22179?
CVE-2026-22179 is a vulnerability with a CVSS score of 7.2 (HIGH). OpenClaw versions prior to 2026.2.22 in macOS node-host system.run contain an allowlist bypass vulnerability that allows remote attackers to execute non-allowlisted commands by exploiting improper par...
How severe is CVE-2026-22179?
CVE-2026-22179 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2026-22179?
Check the references section above for vendor advisories and patch information. Affected products include: Openclaw Openclaw.