CVE-2026-27566
Published: 19 March 2026
Summary
CVE-2026-27566 is a high-severity OS Command Injection (CWE-78) vulnerability in OpenClaw (vendor: OpenClaw). Its CVSS base score is 7.1 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Unix Shell (T1059.004). The vulnerability is ranked at the 24.8th percentile by exploit likelihood (below the median), it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
- SI-2 (Flaw Remediation): requires timely remediation of the specific flaw in system.run exec analysis by patching to version 2026.2.22 or later, directly eliminating the allowlist bypass vulnerability.
- SI-10 (Information Input Validation): mandates validation of command inputs to neutralize special elements such as wrapper chains (e.g., env bash), preventing OS command injection and allowlist bypasses.
- Enforces restrictions on software execution to only approved binaries, providing defense in depth against unauthorized commands smuggled via wrapper bypasses.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The allowlist bypass in system.run via wrapper binaries (e.g., env bash) directly enables Unix shell command execution (T1059.004) and indirect/proxy command execution to evade restrictions (T1202).
NVD Description
OpenClaw versions prior to 2026.2.22 contain an allowlist bypass vulnerability in system.run exec analysis that fails to unwrap env and shell-dispatch wrapper chains. Attackers can route execution through wrapper binaries like env bash to smuggle payloads that satisfy allowlist entries while executing non-allowlisted commands.
Deeper analysis
OpenClaw versions prior to 2026.2.22 are affected by CVE-2026-27566, an allowlist bypass vulnerability in the system.run exec analysis component. The flaw arises from a failure to unwrap the env binary and shell-dispatch wrapper chains (for example, env bash): the analysis compares the outer wrapper against the allowlist rather than the command the wrapper actually dispatches to. This allows payloads to satisfy allowlist entries while executing non-allowlisted commands. The vulnerability is classified under CWE-78 (Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')) with a CVSS v3.1 base score of 7.1 (AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L).
Attackers with low privileges (PR:L) can exploit this vulnerability over the network (AV:N) with low complexity and no user interaction required. By chaining wrapper binaries, they can bypass the allowlist restrictions in system.run exec analysis, achieving high integrity impact (I:H) through execution of unauthorized commands and low availability impact (A:L), while confidentiality remains unaffected (C:N).
Mitigation details are available in the official advisories and the patch commit. The GitHub security advisory (GHSA-jj82-76v6-933r) and the fix in commit 2b63592be57782c8946e521bc81286933f0f99c7 address the unwrapping failure. VulnCheck's advisory further describes the allowlist bypass via wrapper binary unwrapping in system.run. Users should update to OpenClaw version 2026.2.22 or later to remediate the issue.
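As an added illustration of the failure class described above (this is hypothetical example code, not OpenClaw's implementation and not the logic of the fix commit), the following Python sketch contrasts a naive allowlist check that only looks at the outermost program name with a hardened check that first peels env and shell -c wrapper chains and refuses anything it cannot analyse statically. The wrapper sets, the allowlist contents and the sample command lines are all constructed for the example.

```python
"""Allowlist check that unwraps wrapper chains before deciding.

Hypothetical, simplified model of the failure class described for
CVE-2026-27566 (not OpenClaw's code, and not the logic of the fix commit).
All wrapper sets, the allowlist and the sample commands are constructed.
"""
import os
import shlex

# Constructed sets for the example: programs that merely re-dispatch to
# another program, and shells whose "-c" argument is a nested command line.
ENV_WRAPPERS = {"env"}
SHELL_DISPATCHERS = {"sh", "bash", "dash", "zsh"}
# Shell control operators inside a nested "-c" string would run more than one
# command; a static check cannot reason about them, so such strings are refused.
CONTROL_TOKENS = (";", "&&", "||", "|", "`", "$(", "\n")
MAX_DEPTH = 8


def naive_allowed(argv, allowlist):
    """Vulnerable pattern: only the outermost program name is compared."""
    return bool(argv) and os.path.basename(argv[0]) in allowlist


def _peel_env(argv):
    """Drop 'env', its options and NAME=VALUE assignments; return the command."""
    rest = argv[1:]
    while rest:
        tok = rest[0]
        if tok == "-u" and len(rest) > 1:       # -u NAME takes an argument
            rest = rest[2:]
        elif tok.startswith("-"):               # e.g. -i, -S
            rest = rest[1:]
        elif "=" in tok and "/" not in tok.split("=", 1)[0]:  # NAME=VALUE
            rest = rest[1:]
        else:
            break
    return rest


def unwrap(argv, depth=0):
    """Return the effective argv after peeling wrappers, or None when the chain
    cannot be analysed statically (too deep, script file, malformed quoting,
    or a nested shell string containing control operators)."""
    if depth > MAX_DEPTH or not argv:
        return None
    prog = os.path.basename(argv[0])
    if prog in ENV_WRAPPERS:
        inner = _peel_env(argv)
        # 'env' with nothing to run is just the env program itself
        return argv if not inner else unwrap(inner, depth + 1)
    if prog in SHELL_DISPATCHERS:
        for i, tok in enumerate(argv[1:], start=1):
            if tok == "--":
                break
            if tok.startswith("-") and not tok.startswith("--") and "c" in tok[1:]:
                if i + 1 >= len(argv):
                    return None
                script = argv[i + 1]
                if any(ct in script for ct in CONTROL_TOKENS):
                    return None
                try:
                    return unwrap(shlex.split(script), depth + 1)
                except ValueError:              # unbalanced quotes
                    return None
        # A shell reading a script file or stdin: nothing to compare against.
        return None
    return argv


def hardened_allowed(argv, allowlist):
    """Compare the effective program; refuse anything not fully analysable."""
    effective = unwrap(argv)
    return effective is not None and os.path.basename(effective[0]) in allowlist


# Constructed allowlist; it deliberately includes the wrappers so the
# difference between the two checks is visible.
ALLOWLIST = {"ls", "cat", "env", "bash", "sh"}

if __name__ == "__main__":
    for argv in (
        ["ls", "-la"],
        ["env", "bash", "-c", "python3 agent.py"],
        ["env", "PATH=/tmp", "bash", "-lc", "ls"],
        ["bash", "-c", "ls && cat notes.txt"],
        ["bash", "script.sh"],
    ):
        print(f"{' '.join(argv)!r:45} naive={naive_allowed(argv, ALLOWLIST)} "
              f"hardened={hardened_allowed(argv, ALLOWLIST)}")
```

The point of the hardened variant is the SI-10 stance: the decision is made on the program that will actually run, and any chain the checker cannot fully resolve (a shell given a script file, a nested string with control operators, a chain deeper than the bound) is denied rather than waved through. A production implementation would also canonicalise the resolved program path and cover other re-dispatching programs, and should be paired with the CM-style execution restrictions listed above so that the allowlist is not the only control.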
Details
- CWE(s)