Vulnerability Description
OpenClaw versions prior to commit 8aceaf5 contain a preflight validation bypass vulnerability in shell-bleed protection that allows attackers to execute blocked script content by using piped or complex command forms that the parser fails to recognize. Attackers can craft commands such as piped execution, command substitution, or subshell invocation to bypass the validateScriptFileForShellBleed() validation checks and execute arbitrary script content that would otherwise be blocked.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Openclaw | Openclaw | < 2026.4.2 |
Related Weaknesses (CWE)
References
- https://github.com/openclaw/openclaw/commit/8aceaf5d0f0ec552b75a792f7f0a3bfa5b09Patch
- https://github.com/openclaw/openclaw/security/advisories/GHSA-fvx6-pj3r-5q4qVendor Advisory
- https://www.vulncheck.com/advisories/openclaw-shell-bleed-protection-preflight-vThird Party Advisory
FAQ
What is CVE-2026-34425?
CVE-2026-34425 is a vulnerability with a CVSS score of 5.4 (MEDIUM). OpenClaw versions prior to commit 8aceaf5 contain a preflight validation bypass vulnerability in shell-bleed protection that allows attackers to execute blocked script content by using piped or comple...
How severe is CVE-2026-34425?
CVE-2026-34425 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2026-34425?
Check the references section above for vendor advisories and patch information. Affected products include: Openclaw Openclaw.