CVE-2026-44115
High severity, score 8.8 · NVD Advisory · Published May 6, 2026 · Updated May 7, 2026
Description
OpenClaw before 2026.4.22 has a flaw in its exec allowlist analysis: shell expansion tokens placed inside unquoted heredoc bodies are not detected by the allowlist check. An attacker can therefore pass allowlist validation with an approved command whose heredoc body carries expansion tokens, and the shell expands them at runtime to execute commands the allowlist never approved.
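To make the mechanism concrete from the defender's side, the following is an added example and not OpenClaw's code; the checker functions, their names and the sample scripts are hypothetical. It contrasts an allowlist that approves on the leading command word alone with one that also locates heredoc bodies, determines whether the delimiter was quoted (a quoted or backslash-escaped delimiter disables expansion), and refuses unquoted bodies that contain `$VAR`, `${VAR}`, `$(...)` or backtick expansions.

```python
import re

# Heredoc operator '<<' or '<<-' followed by an optionally quoted delimiter.
# 'EOF', "EOF" or \EOF disables expansion in the body; a bare EOF leaves
# $VAR, ${VAR}, $(cmd) and `cmd` live at execution time.
HEREDOC_RE = re.compile(
    r"(?<!<)<<(?!<)-?\s*"                       # operator, not a <<< here-string
    r"(?:(?P<bs>\\)|(?P<q>['\"]))?"             # optional backslash or quote
    r"(?P<delim>[A-Za-z_][A-Za-z0-9_]*)"        # delimiter word
    r"(?(q)(?P=q))"                             # closing quote only if one opened
)

# Tokens the shell expands inside an unquoted heredoc body.
EXPANSION_RE = re.compile(
    r"\$\(|`|\$\{|\$[A-Za-z_][A-Za-z0-9_]*|\$[@*#?!$0-9-]"
)


def find_heredocs(script: str):
    """Return [(delimiter_was_quoted, body_text)] for each heredoc in the script.

    Assumes at most one heredoc operator per line, which is enough for this demo.
    """
    lines = script.split("\n")
    found = []
    i = 0
    while i < len(lines):
        m = HEREDOC_RE.search(lines[i])
        if m is None:
            i += 1
            continue
        quoted = bool(m.group("q") or m.group("bs"))
        delim = m.group("delim")
        body = []
        i += 1
        # '<<-' strips leading tabs before the terminator; strip() approximates that.
        while i < len(lines) and lines[i].strip() != delim:
            body.append(lines[i])
            i += 1
        found.append((quoted, "\n".join(body)))
        i += 1  # skip the terminator line
    return found


def heredoc_expansion_tokens(script: str):
    """Expansion tokens that would run at execution time from unquoted heredoc bodies."""
    tokens = []
    for quoted, body in find_heredocs(script):
        if quoted:
            continue  # quoted delimiter: body is literal, nothing expands
        tokens.extend(m.group(0) for m in EXPANSION_RE.finditer(body))
    return tokens


def naive_allowlist_check(script: str, allowed: set):
    """The weak pattern: decide on the leading command word alone."""
    words = script.strip().split()
    return "allow" if words and words[0] in allowed else "deny"


def hardened_allowlist_check(script: str, allowed: set):
    """Approve only if the command word is allowlisted AND no unquoted heredoc
    body carries expansion tokens the allowlist never examined."""
    if naive_allowlist_check(script, allowed) == "deny":
        return ("deny", "command word not allowlisted")
    tokens = heredoc_expansion_tokens(script)
    if tokens:
        return ("deny", "unquoted heredoc body contains shell expansion: " + ", ".join(tokens))
    return ("allow", "ok")


# Constructed sample inputs (not taken from the advisory).
UNQUOTED = "cat <<EOF\nreport generated on $(date) for $USER\nEOF\n"
QUOTED = "cat <<'EOF'\nreport generated on $(date) for $USER\nEOF\n"

if __name__ == "__main__":
    allowed = {"cat", "echo"}
    for name, script in (("unquoted", UNQUOTED), ("quoted", QUOTED)):
        print(name, naive_allowlist_check(script, allowed),
              hardened_allowlist_check(script, allowed))
```

The naive check accepts both samples because `cat` is allowlisted; the hardened check accepts only the quoted one, since the unquoted body would expand `$(date)` and `$USER` after the allowlist decision has already been made. A production validator would additionally need to handle multiple heredocs per line and other expansion contexts, but the structural point is the same: the allowlist must see every byte the shell will evaluate.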
References
- github.com/openclaw/openclaw/commit/b2e8b7d4bb2f22eaa16f5c4b07547774e90b65a5 (NVD: Patch)
- github.com/openclaw/openclaw/security/advisories/GHSA-x3h8-jrgh-p8jx (NVD: Mitigation, Vendor Advisory)
- www.vulncheck.com/advisories/openclaw-shell-expansion-bypass-in-unquoted-heredocs-via-exec-allowlist (NVD: Third Party Advisory)
News mentions
- Patched OpenClaw Flaw Let Hackers Hijack AI Agents (GovInfoSecurity, May 19, 2026)
- 'Claw Chain' Vulnerabilities Threaten OpenClaw Deployments (Dark Reading, May 18, 2026)
- ‘Claw Chain’ OpenClaw Flaws Allow Sandbox Escape, Backdoor Delivery (SecurityWeek, May 18, 2026)
- Four OpenClaw Flaws Enable Data Theft, Privilege Escalation, and Persistence (The Hacker News, May 15, 2026)