CVSS 8.8 · HIGH

CVE-2026-44115

OpenClaw before 2026.4.22 contains an exec allowlist analysis vulnerability allowing shell expansion hiding in unquoted heredoc bodies. Attackers can bypass allowlist validation by embedding shell expansion tokens in heredoc bodies to execute unapproved commands at runtime.

View on NVD

Analysis

The advisory describes an exec allowlist: a policy layer that inspects a shell command before it runs and permits only approved command words. That is a feature of an agent or automation tool, not of a game engine, so the product named here appears to be the OpenClaw AI agent, which executes shell commands on the user's behalf through an allowlisted exec tool, rather than the game-engine reimplementation that shares the name. For this site's audience (professional web, mobile and backend development) the product itself is niche, but the bug class is not: an allowlist that checks the command word and treats the rest of the script as inert data can be bypassed by anyone who can place shell expansion tokens where the shell will still evaluate them, which is exactly the heredoc-body case reported here.

Severity

Score: 8.8 (HIGH)
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AV: NETWORK
AC: LOW
PR: LOW
UI: NONE
S: UNCHANGED
C: HIGH
I: HIGH
A: HIGH
Weakness type (CWE): CWE-184 (Incomplete List of Disallowed Inputs)

EPSS

No EPSS score yet (very recent CVE).

Technical description

OpenClaw before 2026.4.22 contains an exec allowlist analysis vulnerability: shell expansion can hide in unquoted heredoc bodies. Attackers can bypass allowlist validation by embedding shell expansion tokens in heredoc bodies to execute unapproved commands at runtime.

In a POSIX shell the body of a heredoc whose delimiter is unquoted (`<<EOF` or `<<-EOF`) is subject to parameter expansion, command substitution and arithmetic expansion, much like a double-quoted string; only a quoted or escaped delimiter (`<<'EOF'`, `<<"EOF"`, `<<\EOF`) makes the body literal. An allowlist analyzer that approves the command word (for example `cat`) and treats the heredoc body as data therefore lets `$(...)`, backticks, `${...}` and `$((...))` inside the body run arbitrary commands at execution time, even though the visible command is on the allowlist. A correct analyzer has to either reject expansion tokens in unquoted heredoc bodies or require a quoted delimiter before the command is approved.
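The following is an added illustration of the bug class, not code from OpenClaw or from the advisory: a minimal analyzer in the flawed command-word-only style next to a hardened variant that also inspects heredoc bodies. The heredoc parser, the allowlist (`cat`, `tee`, `echo`) and the sample scripts are all constructed for this example; OpenClaw's real policy and fix are not reproduced here.

```python
import re
import shlex

# Tokens that a POSIX shell expands inside an UNQUOTED heredoc body:
# $(cmd), ${var}, $var, positional/special parameters, $((expr)) and `cmd`.
# A backslash-escaped "\$" would stay literal; flagging it anyway is a
# deliberate fail-closed false positive.
EXPANSION_TOKENS = re.compile(r"\$[({A-Za-z_@*#?!0-9-]|`")

# Heredoc operator with its delimiter. Only the bare form (group 5) leaves the
# body subject to expansion; 'EOF', "EOF" and \EOF all make the body literal.
# The lookarounds keep "<<<" here-strings from matching.
HEREDOC_OP = re.compile(
    r"(?<!<)<<(?!<)(-?)\s*(?:'([^']+)'|\"([^\"]+)\"|\\(\S+)|([A-Za-z0-9_.]+))"
)

# Hypothetical allowlist for the demo (not OpenClaw's policy).
ALLOWLIST = frozenset({"cat", "tee", "echo"})


def parse_heredocs(script):
    """Return (first line, [heredoc records]) for a one-command script.

    Each record is {"delim", "quoted", "body"}. Bodies are consumed in the
    order their operators appear on the first line, each ending at a line
    equal to its delimiter (leading tabs stripped for the <<- form).
    """
    lines = script.splitlines()
    if not lines:
        return "", []
    head, rest = lines[0], lines[1:]
    docs, idx = [], 0
    for m in HEREDOC_OP.finditer(head):
        strip_tabs = m.group(1) == "-"
        delim = next(g for g in m.groups()[1:] if g is not None)
        quoted = m.group(5) is None
        body = []
        while idx < len(rest):
            line = rest[idx]
            idx += 1
            if (line.lstrip("\t") if strip_tabs else line) == delim:
                break
            body.append(line)
        docs.append({"delim": delim, "quoted": quoted, "body": "\n".join(body)})
    return head, docs


def command_words(head):
    """First word of every simple command on the line; None if unparsable."""
    words = []
    for segment in re.split(r"\|\||&&|[|;]", head):
        try:
            toks = shlex.split(segment)
        except ValueError:
            return None
        if toks:
            words.append(toks[0])
    return words


def naive_allowed(script, allowlist=ALLOWLIST):
    """The flawed analysis: approve by command word, treat heredoc bodies as data."""
    head, _ = parse_heredocs(script)
    words = command_words(head)
    return bool(words) and all(w in allowlist for w in words)


def hardened_allowed(script, allowlist=ALLOWLIST):
    """Same allowlist, but expansion tokens anywhere the shell would honour them
    (the command line itself or an unquoted heredoc body) cause rejection."""
    if not naive_allowed(script, allowlist):
        return False
    head, docs = parse_heredocs(script)
    if EXPANSION_TOKENS.search(head):
        return False
    return not any(
        not d["quoted"] and EXPANSION_TOKENS.search(d["body"]) for d in docs
    )


# Constructed sample scripts (not taken from the advisory).
BENIGN = "cat <<'EOF'\nliteral $(whoami) stays literal\nEOF\n"       # quoted delimiter
BYPASS = "cat <<EOF\nreport for $(id)\nEOF\n"                        # substitution in body
BYPASS_TABS = "tee out.txt <<-EOF\n\t${HOME:-/tmp}\n\tEOF\n"          # <<- form, ${...}
PIPED = "cat <<EOF | tee log.txt\nplain text only\nEOF\n"            # unquoted but inert
DENIED = "rm -rf /tmp/x\n"                                           # command word not allowed

if __name__ == "__main__":
    for name, s in [("BENIGN", BENIGN), ("BYPASS", BYPASS), ("BYPASS_TABS", BYPASS_TABS),
                    ("PIPED", PIPED), ("DENIED", DENIED)]:
        print(f"{name:12s} naive={naive_allowed(s)!s:5s} hardened={hardened_allowed(s)}")
```

Run it with `python3` and compare the two columns: the naive analyzer approves both bypass scripts because their command word is `cat` or `tee`, while the hardened one rejects them and still accepts the quoted-delimiter and plain-text heredocs. The parser deliberately handles only a single command line followed by its heredoc bodies; a production analyzer would need a real shell parser, but the decision it has to make is the same one shown in `hardened_allowed`.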

Published: 6/5/2026, 20:16:35
Last modified: 6/5/2026, 21:20:52

References
