OpenClaw < 2026.4.22 - Shell Expansion Bypass in Unquoted Heredocs...

8.7 / 10

HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Description

OpenClaw before 2026.4.22 contains an exec allowlist analysis vulnerability allowing shell expansion hiding in unquoted heredoc bodies. Attackers can bypass allowlist validation by embedding shell expansion tokens in heredoc bodies to execute unapproved commands at runtime.

AI Analysis

Shell expansion bypass vulnerability in unquoted heredoc bodies via exec allowlist

Basic Information

ID CVE-2026-44115

Source VulnCheck

Published May 6, 2026 at 19:49

Affected Product

Vendor OpenClaw

Product OpenClaw

Affected Versions OpenClaw OpenClaw 0

CWE Classification

CWE-184

AI Assessment

AI Score 8.7 / 10

AI Severity High

Vendor OpenClaw

Product OpenClaw

Version < 2026.4.22

References

{
    "lastseen": "",
    "description": "OpenClaw before 2026.4.22 contains an exec allowlist analysis vulnerability allowing shell expansion hiding in unquoted heredoc bodies. Attackers can bypass allowlist validation by embedding shell expansion tokens in heredoc bodies to execute unapproved commands at runtime.",
    "published": "2026-05-06T19:49:35.128Z",
    "modified": "2026-05-06T19:49:35.128Z",
    "type": "cve",
    "title": "OpenClaw < 2026.4.22 - Shell Expansion Bypass in Unquoted Heredocs via Exec Allowlist",
    "source": "VulnCheck",
    "references": "https://github.com/openclaw/openclaw/security/advisories/GHSA-x3h8-jrgh-p8jx\nhttps://github.com/openclaw/openclaw/commit/b2e8b7d4bb2f22eaa16f5c4b07547774e90b65a5\nhttps://www.vulncheck.com/advisories/openclaw-shell-expansion-bypass-in-unquoted-heredocs-via-exec-allowlist",
    "id": "CVE-2026-44115",
    "bulletinFamily": "",
    "cwe": [
        "CWE-184"
    ],
    "cvelist": null,
    "sourceData": "OpenClaw OpenClaw 0",
    "sourceHref": "",
    "cvss": {
        "score": 8.7,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "OpenClaw",
    "version": "0",
    "vendor": "OpenClaw",
    "ai_description": "Shell expansion bypass vulnerability in unquoted heredoc bodies via exec allowlist",
    "ai_severity": "High",
    "ai_vendor": "OpenClaw",
    "ai_product": "OpenClaw",
    "ai_version": "< 2026.4.22",
    "ai_score": 8.7
}

OpenClaw < 2026.4.22 - Shell Expansion Bypass in Unquoted Heredocs via Exec Allowlist_CVE-2026-44115