GHSA-8v2r-mv47-wxfrHighCVSS 8.8
OpenClaw before 2026.5.18 contains a command injection vulnerability where shell wrapper argv...
🔗 CVE IDs covered (1)
📋 Description
OpenClaw before 2026.5.18 contains a command injection vulnerability where shell wrapper argv could change between approval and execution. Attackers can rebuild command arguments after allowlist approval to execute unapproved command shapes, potentially bypassing security controls.