CVE-2026-44115 — HIGH (8.8)

Q: How severe is CVE-2026-44115?

CVE-2026-44115 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2026-44115?

Check the references section above for vendor advisories and patch information. Affected products include: Openclaw Openclaw.

Vulnerability Description

OpenClaw before 2026.4.22 contains an exec allowlist analysis vulnerability allowing shell expansion hiding in unquoted heredoc bodies. Attackers can bypass allowlist validation by embedding shell expansion tokens in heredoc bodies to execute unapproved commands at runtime.

CVSS Score

8.8

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Openclaw	Openclaw	< 2026.4.22

Related Weaknesses (CWE)

CWE-184

References

https://github.com/openclaw/openclaw/commit/b2e8b7d4bb2f22eaa16f5c4b07547774e90bPatch
https://github.com/openclaw/openclaw/security/advisories/GHSA-x3h8-jrgh-p8jxMitigationVendor Advisory
https://www.vulncheck.com/advisories/openclaw-shell-expansion-bypass-in-unquotedThird Party Advisory

FAQ

What is CVE-2026-44115?

CVE-2026-44115 is a vulnerability with a CVSS score of 8.8 (HIGH). OpenClaw before 2026.4.22 contains an exec allowlist analysis vulnerability allowing shell expansion hiding in unquoted heredoc bodies. Attackers can bypass allowlist validation by embedding shell exp...

How severe is CVE-2026-44115?

CVE-2026-44115 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2026-44115?

Check the references section above for vendor advisories and patch information. Affected products include: Openclaw Openclaw.