Cyber Posture

CVE-2026-27487

High · RCE

Published: 21 February 2026

Modified: 23 February 2026
KEV Added
Patch
CVSS Score: 7.6 (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L)
EPSS Score: 0.0002 (6.9th percentile)
Risk Priority: 15 (weighting: 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2026-27487 is a high-severity OS Command Injection (CWE-78) vulnerability in OpenClaw. Its CVSS base score is 7.6 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Unix Shell (T1059.004). It ranks at the 6.9th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

This vulnerability is AI-related — categorised as APIs and Models.

Threat & Defense at a Glance

What attackers do: exploitation maps to Unix Shell (T1059.004) and 1 other technique.

Likely Mitigating Controls (AI)

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-78

Platform-independent apps typically execute inside a managed runtime or sandbox that restricts direct OS command execution, reducing the ability to exploit OS command injection.

addresses: CWE-78

Validates inputs to block special elements that would alter OS command execution.

MITRE ATT&CK Enterprise Techniques (AI)

T1059.004 Unix Shell (tactic: Execution)
Adversaries may abuse Unix shell commands and scripts for execution.
T1203 Exploitation for Client Execution (tactic: Execution)
Adversaries may exploit software vulnerabilities in client applications to execute code.
Why these techniques?

OS command injection (CWE-78) in the macOS desktop app directly enables arbitrary Unix shell execution (T1059.004) via a malicious OAuth token in the credential refresh path. It also maps to client-side code execution exploitation (T1203), given AV:N/PR:L/UI:R and the high confidentiality and integrity impact.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

OpenClaw is a personal AI assistant. In versions 2026.2.13 and below, when using macOS, the Claude CLI keychain credential refresh path constructed a shell command to write the updated JSON blob into Keychain via `security add-generic-password -w ...`. Because OAuth tokens are user-controlled data, this created an OS command injection risk. This issue has been fixed in version 2026.2.14.

Deeper analysis (AI)

CVE-2026-27487 is an OS command injection vulnerability (CWE-78) affecting OpenClaw, a personal AI assistant, in versions 2026.2.13 and prior. The issue arises specifically on macOS during the Claude CLI keychain credential refresh process, where the application constructs a shell command using the `security add-generic-password -w` utility to store an updated JSON blob containing OAuth tokens. Since these tokens are user-controlled, they enable injection of arbitrary commands into the shell execution.

The vulnerability has a CVSS v3.1 base score of 7.6 (AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L), indicating exploitation over the network with low complexity, requiring low privileges and user interaction. A low-privileged user or attacker with network access can exploit it by supplying a malicious OAuth token—potentially via phishing or a compromised authentication flow—tricking the victim into triggering the credential refresh. Successful exploitation allows arbitrary command execution on the macOS host, resulting in high confidentiality and integrity impacts, such as data theft or system modification, with low availability disruption.

Mitigation is available in OpenClaw version 2026.2.14, as detailed in the project's GitHub release notes and related commits (e.g., 66d7178f2d6f9d60abad35797f97f3e61389b70c, 9dce3d8bf83f13c067bc3c32291643d2f1f10a06, b908388245764fb3586859f44d1dff5372b19caf) and pull request #15924, which address the insecure shell command construction. Security practitioners should urge users to update immediately and review macOS keychain access patterns in similar CLI tools handling user-controlled inputs.
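
The difference between interpolating the JSON blob into a shell string and passing it as a single argument, as an added example (Node.js, not OpenClaw's code or its actual patch). `printf %s` stands in for `security add-generic-password -w` so the comparison runs on any POSIX host; the single-quote wrapping in the "before" form, the function names and the token value are assumptions constructed for illustration.

```javascript
// Added example, not OpenClaw code.
const { execFileSync } = require("node:child_process");

// Stand-in for `security add-generic-password -w <value>` (assumption):
// `printf %s <value>` returns exactly the bytes the tool was handed.
const STORE = "printf";

// BEFORE: the blob is interpolated into a string that /bin/sh parses.
// The quoting shown here is assumed; the page only says a shell command
// was constructed around the JSON blob.
function storeViaShell(blob) {
  const cmd = `${STORE} %s '${blob}'`;
  return execFileSync("/bin/sh", ["-c", cmd], { encoding: "utf8" });
}

// AFTER: no shell is involved. The blob is one argv element, so quotes,
// `$`, backticks and `;` reach the tool as plain bytes.
function storeViaArgv(blob) {
  return execFileSync(STORE, ["%s", blob], { encoding: "utf8" });
}

// Constructed token containing shell metacharacters and a harmless marker.
const token = "tok'$(echo MARKER)'en";
const blob = JSON.stringify({ accessToken: token });

// Compare what each path would have written to the keychain.
function demo() {
  const viaShell = storeViaShell(blob);
  const viaArgv = storeViaArgv(blob);
  return {
    input: blob,
    viaShell,
    viaArgv,
    shellAlteredValue: viaShell !== blob, // the shell evaluated part of the token
    argvPreservedValue: viaArgv === blob, // stored value equals the input
  };
}

console.log(demo());
```

A value that does not round-trip through the storage call byte for byte is a useful regression test for this class of bug in other CLI wrappers.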

Details

CWE(s)

Affected Products

openclaw
openclaw
≤ 2026.2.14

AI Security Analysis (AI)

AI Category: APIs and Models
Risk Domain: N/A
OWASP Top 10 for LLMs 2025: None mapped
Classification Reason: Matched keywords: ai, claude

CVEs Like This One

CVE-2026-25157 · Same product: Apple Macos
CVE-2026-32016 · Same product: Apple Macos
CVE-2026-26323 · Same product: Openclaw Openclaw
CVE-2026-22179 · Same product: Openclaw Openclaw
CVE-2026-32917 · Same product: Openclaw Openclaw
CVE-2026-28463 · Same product: Openclaw Openclaw
CVE-2026-24763 · Same product: Openclaw Openclaw
CVE-2026-27566 · Same product: Openclaw Openclaw
CVE-2026-32003 · Same product: Openclaw Openclaw
CVE-2026-32056 · Same product: Openclaw Openclaw
