CVE-2026-22179
Published: 18 March 2026
Summary
CVE-2026-22179 is a high-severity OS Command Injection (CWE-78) vulnerability in Openclaw Openclaw. Its CVSS base score is 7.2 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 35.6% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 AC-25 (Reference Monitor) and CM-7 (Least Functionality).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly requires validation of command inputs to prevent exploitation of improper parsing of substitution tokens within double-quoted text.
Mandates restriction to least functionality via allowlisting of commands, countering attempts to execute non-allowlisted arbitrary commands.
Implements a tamper-proof reference monitor to enforce command allowlist policies precisely, mitigating bypass vulnerabilities in enforcement logic.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Remote command injection via allowlist bypass directly enables T1190 (public-facing app exploitation) and T1059.004 (Unix shell command execution) on macOS.
NVD Description
OpenClaw versions prior to 2026.2.22 in macOS node-host system.run contain an allowlist bypass vulnerability that allows remote attackers to execute non-allowlisted commands by exploiting improper parsing of command substitution tokens. Attackers can craft shell payloads with command substitution syntax within…
more
double-quoted text to bypass security restrictions and execute arbitrary commands on the system.
Deeper analysisAI
CVE-2026-22179 is an allowlist bypass vulnerability (CWE-78) in OpenClaw versions prior to 2026.2.22, affecting the system.run component within the macOS node-host. The issue arises from improper parsing of command substitution tokens inside double-quoted text, which allows remote attackers to execute non-allowlisted commands by crafting malicious shell payloads.
Attackers with high privileges (PR:H) can exploit this remotely (AV:N) with low complexity (AC:L) and no user interaction (UI:N), as reflected in its CVSS v3.1 base score of 7.2 (C:H/I:H/A:H, S:U). Successful exploitation enables bypassing security restrictions to run arbitrary commands on the system.
Mitigation is addressed in the referenced GitHub commit (90a378ca3a9ecbf1634cd247f17a35f4612c6ca6) and security advisory (GHSA-9p38-94jf-hgjj), with OpenClaw 2026.2.22 or later resolving the improper parsing. Further details on the allowlist bypass via command substitution are provided in the VulnCheck advisory.
Details
- CWE(s)