CVE-2026-53866

Vulnerability

OpenClaw before version 2026.5.12 contains an allowlist bypass vulnerability in its shell inline-command parsing. When a command request uses shell inline-command forms, it can route through a parser case that misses the expected allowlist decision, enabling execution of shell content without the intended approval prompts. The vulnerability is present in all versions prior to the patched release [1][2].

Exploitation

An attacker must be an authenticated Gateway operator with the ability to issue command requests. By crafting a command using shell inline-command forms that routes through the missing parser case, the attacker can bypass the allowlist check and execute unapproved shell commands without triggering the intended approval prompt [1][2].

Impact

Successful exploitation allows an authenticated operator to execute shell commands that were not approved by the allowlist, potentially leading to unauthorized data access or system modification. The CVSS v3 score is 8.1 (High) with high confidentiality and integrity impacts [2]. Practical impact depends on configuration and whether lower-trust input can reach the vulnerable path [1].

Mitigation

The vulnerability is fixed in OpenClaw version 2026.5.12 [1]. Until patched, administrators should require approval for shell inline-command forms, keep channel and tool allowlists narrow, avoid sharing a Gateway between mutually untrusted users, and disable the affected feature when not needed [1]. No known exploitation in the wild has been reported in the available references.