CVE-2026-53861

Vulnerability

OpenClaw versions before 2026.5.6 contain an allowlist bypass vulnerability in the macOS Swift exec feature. The allowlist check for inline-command flags fails to account for combined POSIX inline-command flags (e.g., -c combined with other flags), allowing shell content to bypass the intended restriction. This affects the macOS Swift exec feature when enabled and configured with an allowlist [1][2].

Exploitation

An attacker must be an authenticated Gateway operator with access to the affected feature. The attacker crafts a command request that uses combined POSIX inline-command flags, which are not properly validated by the allowlist. The feature must be enabled and reachable for exploitation to succeed [1].

Impact

Successful exploitation allows the attacker to execute shell content outside the intended allowlist check. The practical impact depends on the operator's configuration and whether lower-trust input can reach the vulnerable path. Potential outcomes include unauthorized command execution with the privileges of the Gateway process [1][2].

Mitigation

The vulnerability is fixed in OpenClaw version 2026.5.6 [1]. As a workaround, require approval for combined shell flag forms on macOS until patched. Additional hardening measures include keeping channel and tool allowlists narrow, avoiding sharing a Gateway between mutually untrusted users, and disabling the affected feature when not needed [1].