DEV Community

CVE Reports

Originally published at cvereports.com


GHSA-X3H8-JRGH-P8JX: Execution Allowlist Bypass in OpenClaw via Heredoc Parsing Discrepancies

Vulnerability ID: GHSA-X3H8-JRGH-P8JX
CVSS Score: 5.5
Published: 2026-05-04

The OpenClaw NPM package contains an allowlist bypass in its execution approval analyzer. Because the analyzer implements the POSIX shell expansion rules only partially, it does not parse unquoted heredocs the way the shell does, so a crafted command can evade the command allowlist and exfiltrate secrets.

TL;DR

OpenClaw versions up to 2026.4.21 fail to correctly parse POSIX line-splicing and variable expansions in unquoted heredocs. Attackers can bypass the execution allowlist to exfiltrate sensitive environment variables.


⚠️ Exploit Status: POC

Technical Details

  • Vulnerability Type: Parsing Discrepancy / Allowlist Bypass
  • CWE ID: CWE-436
  • Attack Vector: Crafted Shell Command Input
  • Impact: Secret Exfiltration / Security Bypass
  • Authentication: Required (Access to Approval Workflow)
  • Patch Status: Patched in 2026.4.22

Affected Systems

  • OpenClaw execution approval analyzer
  • openclaw: <= 2026.4.21 (Fixed in: 2026.4.22)

Code Analysis

Commit: b2e8b7d

Fix heredoc parsing bypass by introducing stateful logical line tracking and expanded token coverage
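The fix description above speaks of stateful logical line tracking. As an added illustration, not OpenClaw's own code, the checker below applies the two POSIX rules the TL;DR names before an allowlist is consulted: backslash-newline splicing and expansion inside unquoted heredoc bodies. The function names, the sample scripts and the allowlist are hypothetical.

```javascript
// Added illustration, not OpenClaw's analyzer: model the two POSIX heredoc
// rules the advisory names before consulting an allowlist. Backslash-newline
// is removed (line splicing), so matching must use the logical line; a heredoc
// body is expanded unless its delimiter word was quoted (<<'EOF', <<"EOF", <<\EOF).
const HEREDOC_OP = /<<(?!<)(-?)\s*(?:'([^']*)'|"([^"]*)"|\\(\S+)|(\S+))/g;

// A line ending in an odd number of backslashes continues onto the next one.
function hasContinuation(line) {
  const m = line.match(/\\+$/);
  return m !== null && m[0].length % 2 === 1;
}

// Returns { logicalLines, findings }; heredoc bodies are consumed and never
// reach logicalLines. Not a full parser: operators in quotes/comments are not special-cased.
function analyzeHeredocs(script) {
  const raw = script.split("\n");
  const logicalLines = [], findings = [];
  let i = 0;
  while (i < raw.length) {
    let logical = raw[i];
    while (hasContinuation(logical) && i + 1 < raw.length) {
      logical = logical.slice(0, -1) + raw[++i];
    }
    i++;
    logicalLines.push(logical);
    for (const m of logical.matchAll(HEREDOC_OP)) { // bodies follow, in order
      const stripTabs = m[1] === "-";
      const quoted = m[2] !== undefined || m[3] !== undefined || m[4] !== undefined;
      const delim = m[2] ?? m[3] ?? m[4] ?? m[5];
      const isEnd = (l) => (stripTabs ? l.replace(/^\t+/, "") : l) === delim;
      const body = [];
      while (i < raw.length && !isEnd(raw[i])) body.push(raw[i++]);
      i++; // skip the terminating delimiter line
      if (!quoted && /[$`]/.test(body.join("\n"))) {
        findings.push({ line: logicalLines.length, delim, reason: "expansion in unquoted heredoc body" });
      }
    }
  }
  return { logicalLines, findings };
}

// Allowlist check on logical lines: command words must be allowed, no unquoted expanding heredoc.
function isAllowed(script, allowlist) {
  const { logicalLines, findings } = analyzeHeredocs(script);
  if (findings.length > 0) return false;
  return logicalLines.every((l) => {
    const word = l.trim().split(/\s+/)[0];
    return word === "" || allowlist.has(word);
  });
}
```

The expansion test is deliberately conservative: an escaped `\$` inside an unquoted body is flagged as well, which is the safer direction for an approval gate.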

Exploit Details

  • GitHub Advisory: Advisory containing the PoC for the line splicing bypass

Mitigation Strategies

  • Upgrade the openclaw NPM package to version 2026.4.22
  • Implement defense-in-depth by running OpenClaw in an isolated environment with minimal environment variables
  • Monitor command execution logs for anomalous line-splicing patterns or unusual heredoc structures

Remediation Steps

  1. Identify all projects utilizing the openclaw package via package.json analysis.
  2. Execute 'npm update openclaw' to pull version 2026.4.22 or higher.
  3. Verify the installed version via 'npm list openclaw'.
  4. Review historical approval logs to identify potential active exploitation prior to the patch.

Read the full report for GHSA-X3H8-JRGH-P8JX on our website for more details including interactive diagrams and full exploit analysis.
