PT-2026-26233 · Openclaw · Openclaw

Tdjackey · Published 2026-02-21 · Updated 2026-03-20 · CVE-2026-31993

CVSS v2.0: 6.8 (Medium)
Vector: AV:N/AC:H/Au:M/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: OpenClaw versions prior to 2026.2.22

Description: The OpenClaw macOS companion app contains a flaw in how it parses allowlists, potentially allowing authenticated operators to bypass execution approval checks. Specifically, an attacker with operator.write privileges and a paired macOS beta node can craft shell-chain payloads that circumvent the incomplete allowlist validation, leading to arbitrary command execution on the paired host. The bypass requires exec approvals to be configured with security=allowlist and ask=on-miss. The issue stems from unsafe shell-substitution parsing in allowlist mode. The fix hardens macOS allowlist resolution by evaluating shell chains per segment and failing closed on unsafe parsing.

Recommendations: Update OpenClaw to version 2026.2.22 or later.
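The following is an added illustration of the defensive pattern the fix describes (per-segment evaluation of shell chains, fail-closed on anything the parser cannot account for). It is not OpenClaw's code: the allowlist contents, the function names and the set of rejected constructs are assumptions chosen for the example. The naive check is included only to show why a first-word comparison is an incomplete allowlist.

```python
import re
import shlex
from typing import List

# Constructed allowlist for this example; a real deployment supplies its own.
ALLOWED_COMMANDS = {"ls", "cat", "grep", "echo"}

# Operators that make the shell run more than one program from a single line.
CHAIN_OPERATORS = {";", "&&", "||", "|", "|&", "&"}

# Characters shlex emits as separate tokens when punctuation_chars=True.
SHELL_PUNCTUATION = set("();<>|&")

# Constructs that make the shell evaluate text that is not a visible argv word:
# any expansion ($VAR, ${...}, $(...)), backtick substitution, process substitution.
SUBSTITUTION = re.compile(r"[$`]|<\(|>\(")


class UnsafeCommand(ValueError):
    """Raised when a command line cannot be proven safe; callers must deny."""


def naive_is_allowed(command: str) -> bool:
    """The incomplete check: compares only the first word against the allowlist."""
    words = command.split()
    return bool(words) and words[0] in ALLOWED_COMMANDS


def split_segments(command: str) -> List[List[str]]:
    """Split a command line into the segments the shell would execute independently.

    Raises UnsafeCommand for any syntax this tokenizer does not model.
    """
    if "\n" in command or "\r" in command:
        raise UnsafeCommand("line break would start a second command")
    if SUBSTITUTION.search(command):
        raise UnsafeCommand("shell substitution or expansion present")
    lexer = shlex.shlex(command, posix=True, punctuation_chars=True)
    lexer.whitespace_split = True
    try:
        tokens = list(lexer)
    except ValueError as exc:  # unbalanced quotes or a dangling escape
        raise UnsafeCommand(f"unparseable command line: {exc}") from exc

    segments: List[List[str]] = [[]]
    for tok in tokens:
        if tok in CHAIN_OPERATORS:
            segments.append([])
        elif tok and set(tok) <= SHELL_PUNCTUATION:
            # Subshells, redirections and any other punctuation not modelled
            # above: refuse rather than guess what the shell would do.
            raise UnsafeCommand(f"unsupported shell syntax: {tok!r}")
        else:
            segments[-1].append(tok)
    return segments


def is_allowed(command: str) -> bool:
    """Hardened check: the program of every segment must be on the allowlist."""
    try:
        segments = split_segments(command)
    except UnsafeCommand:
        return False  # fail closed
    for seg in segments:
        if not seg:  # "ls ;" or "&& cat": an empty segment is a parse oddity
            return False
        program = seg[0]
        if "=" in program or "/" in program:
            # Leading VAR=value assignments and explicit paths are not
            # resolved here, so they are treated as allowlist misses.
            return False
        if program not in ALLOWED_COMMANDS:
            return False
    return True


if __name__ == "__main__":
    # Constructed sample lines: only the first two should pass the hardened check.
    for line in ("ls -la", "ls -la; cat /etc/hosts", "echo hi && id",
                 "echo $(id)", "ls 'unterminated"):
        print(f"{line!r:28} naive={naive_is_allowed(line)!s:5} "
              f"hardened={is_allowed(line)}")
```

The contrast to note is that every chained segment is checked on its own, and every condition the tokenizer cannot settle (unbalanced quoting, substitution, subshell syntax, an empty segment) resolves to a denial rather than a pass, which is what "failing closed on unsafe parsing" means in practice. Name resolution of the program (search path, symlinks) is deliberately left out of this sketch.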

Fix

Weakness Enumeration

Improper Authorization
Incomplete List of Disallowed Inputs

Related Identifiers

BDU:2026-05009
CVE-2026-31993
GHSA-5326-6F73-M96W
GHSA-5F9P-F3W2-FWCH

Affected Products

Openclaw