VYPR
High severity (CVSS 8.1) · NVD Advisory · Published Jun 16, 2026 · Updated Jun 16, 2026

CVE-2026-53855

Description

OpenClaw before 2026.4.2 allows authenticated operators to bypass inline-eval allowlist checks via shell positional parameters, enabling execution of unapproved shell-provided content.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Vulnerability

OpenClaw before 2026.4.2 contains an inline-eval bypass vulnerability (CWE-184, Incomplete List of Disallowed Inputs). Authenticated operators can weaken the strict allowlist checks by combining allowlisted tools with shell positional arguments. This places inline-eval content in shell carriers that the strict check does not cover, allowing execution of unapproved shell-provided content. The vulnerability affects all versions prior to 2026.4.2 and is reachable when the affected feature is enabled [1][2].

Exploitation

An authenticated operator with access to the affected feature can craft a command request that includes an allowlisted tool together with shell positional parameters. The shell interprets these parameters such that the inline-eval content lands in a carrier outside the intended allowlist rules. The operator needs no privileges beyond those required to send commands through the gateway, but must be able to supply arbitrary positional arguments to the allowlisted tool [1].

Impact

Successful exploitation lets the attacker execute shell-provided content that is not on the allowlist, bypassing the intended security control. Depending on the operator's configuration and on whether lower-trust input can reach that path, this can lead to execution of arbitrary commands with the privileges of the gateway process. The CVSS v3 score is 8.1 (High), with high impact on confidentiality and integrity [2]. The vulnerability does not change OpenClaw's trusted-operator model, but it can be exploited whenever the feature is enabled and reachable [1].

Mitigation

The first stable patched version is 2026.4.2; users should upgrade to this version or later. Until patching is possible, administrators should avoid allowlisting shell carrier patterns, require approval for shell wrappers, keep channel and tool allowlists narrow, avoid sharing one gateway between mutually untrusted users, and disable the affected feature when it is not in use [1].

AI Insight generated on Jun 16, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products (2)

  • OpenClaw / Openclaw (inferred), 2 version ranges:
    • (no CPE) range: < 2026.4.2
    • (no CPE) range: < 2026.4.2

Patches (0)

No patches discovered yet.

Vulnerability mechanics

No source-code context is available for this CVE. The mechanics section is generated only when the actual fix diff can be read; without it, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.

References (2)

News mentions (0)

No linked articles in our index yet.