⚠ Withdrawn by GitHub Security Advisories

Withdrawn: June 18, 2026

GHSA-g796-jqmx-wf9qMediumCVSS 6.6Disclosed before NVD

Duplicate Advisory: macOS Swift exec allowlist missed combined POSIX inline flags

Published
June 16, 2026
Last Modified
June 18, 2026

📋 Description

Duplicate Advisory

This advisory has been withdrawn because it is a duplicate of GHSA-c226-q6fx-6j6c. This link is maintained to preserve external references.

Original Description

OpenClaw before 2026.5.6 contains an allowlist bypass vulnerability in the macOS Swift exec feature that misses combined POSIX inline-command flags. Attackers can execute shell content outside the intended allowlist check by using combined flag forms, potentially allowing unauthorized command execution depending on operator configuration.

🎯 Affected products1

  • npm/openclaw:<= 2026.5.5

🔗 References (4)