CVE-2026-31992
Published: 19 March 2026
Summary
CVE-2026-31992 is a high-severity Incomplete List of Disallowed Inputs (CWE-184) vulnerability in OpenClaw. Its CVSS base score is 7.1 (High).
Operationally, exploitation maps to the MITRE ATT&CK technique Indirect Command Execution (T1202). It ranks at the 23.9th percentile by exploit likelihood (below the median), it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 AC-25 (Reference Monitor) and CM-10 (Software Usage Restrictions).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
Patch: upgrading to OpenClaw 2026.2.23 or later, which carries the fixes for the env -S bypass, directly remediates the allowlist bypass in the system.run guardrails.
AC-25 (Reference Monitor): a tamperproof reference monitor that enforces the command-execution policy on what is actually executed, with no bypass path, counters the policy-analysis evasion that env -S achieves in system.run.
CM-10 (Software Usage Restrictions): a deny-all, permit-by-exception policy for software execution prevents authenticated operators from running unintended shell wrapper payloads through allowlisted binaries such as env.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The bypass uses the permitted /usr/bin/env binary with its -S (split-string) flag to run arbitrary shell wrapper payloads indirectly: Unix shell command execution (T1059.004) is reached through indirect command execution (T1202), evading the policy restrictions placed on system.run.
NVD Description
OpenClaw versions prior to 2026.2.23 contain an allowlist bypass vulnerability in system.run guardrails that allows authenticated operators to execute unintended commands. When /usr/bin/env is allowlisted, attackers can use env -S to bypass policy analysis and execute shell wrapper payloads at runtime.
Deeper analysis
CVE-2026-31992 is an allowlist bypass vulnerability affecting the system.run guardrails in OpenClaw versions prior to 2026.2.23. The flaw enables authenticated operators to execute unintended commands by leveraging the allowlisting of /usr/bin/env. Attackers can use the env -S option to evade policy analysis and run shell wrapper payloads at runtime. Published on 2026-03-19, it carries a CVSS v3.1 base score of 7.1 (AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L) and maps to CWE-184.
Exploitation requires an authenticated operator with only low privileges (PR:L), reached over the network (AV:N) with low attack complexity and no user interaction. A successful bypass of the execution restrictions runs arbitrary commands, which is scored as high integrity impact (unauthorized code execution) and low availability impact; confidentiality is scored as not impacted (C:N).
Mitigation is addressed in OpenClaw version 2026.2.23 and later, with fixes detailed in GitHub commits 3f923e831364d83d0f23499ee49961de334cf58b and a1c4bf07c6baad3ef87a0e710fe9aef127b1f606, as well as the security advisory GHSA-48wf-g7cp-gr3m. Further analysis is provided in the VulnCheck advisory at https://www.vulncheck.com/advisories/openclaw-allowlist-exec-guard-bypass-via-env-s.
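The example below is added here and is not OpenClaw's code, nor the actual patch in the commits above; it models the class of guard the NVD description and the mitigating-controls section describe. TypeScript is assumed to match the project, and every name (naiveGuard, hardenedGuard, effectiveArgv, envSplitString) and the allowlist contents are assumptions. naiveGuard reproduces the CWE-184 pattern: it looks one level behind an allowlisted env and refuses only a short denylist of interpreter names, so the single token handed to env -S slips past it. effectiveArgv emulates what env itself would exec, showing that the token becomes sh -c. hardenedGuard is the CM-10-style permit-by-exception rewrite: no env options at all, and the wrapped command is re-checked recursively.

```typescript
// Added example, not OpenClaw's code: a model of a system.run-style allowlist
// guard. naiveGuard() reproduces the CWE-184 pattern (a short denylist of
// interpreters checked one level behind env); hardenedGuard() is the
// permit-by-exception rewrite. effectiveArgv() emulates what env itself
// would exec, to show the gap between what the naive guard inspects and
// what actually runs. All names and the allowlist contents are assumptions.

export type Verdict = { allowed: boolean; reason: string };

// Assumed operator-configured allowlist of absolute paths.
const ALLOWLIST = new Set(["/usr/bin/env", "/usr/bin/ls", "/usr/bin/git"]);

// The incomplete denylist the naive guard relies on.
const DENIED_INTERPRETERS = new Set(["sh", "bash", "dash", "zsh", "python3", "perl"]);

// NAME=VALUE as env accepts it before the command.
const ASSIGNMENT = /^[A-Za-z_][A-Za-z0-9_]*=/;

function basename(p: string): string {
  return p.split("/").pop() ?? p;
}

// Simplified emulation of GNU env -S / --split-string: split on whitespace,
// honouring single and double quotes. Real env also handles backslash
// escapes, "#" comments and ${VAR} expansion, which are not modelled here.
export function envSplitString(s: string): string[] {
  const out: string[] = [];
  const re = /'([^']*)'|"([^"]*)"|(\S+)/g;
  let m: RegExpExecArray | null;
  while ((m = re.exec(s)) !== null) out.push(m[1] ?? m[2] ?? m[3]);
  return out;
}

// What env would actually execute for the given argv (simplified: -S in its
// three spellings, NAME=VALUE assignments, and -u NAME; other options are
// treated as having no effect on the target program).
export function effectiveArgv(argv: string[]): string[] {
  if (argv.length === 0 || basename(argv[0]) !== "env") return argv;
  const rest = argv.slice(1);
  for (let i = 0; i < rest.length; i++) {
    const a = rest[i];
    if (ASSIGNMENT.test(a)) continue;
    if (a === "-u" || a === "--unset") { i++; continue; }
    if (a === "-S" || a === "--split-string") {
      return [...envSplitString(rest[i + 1] ?? ""), ...rest.slice(i + 2)];
    }
    if (a.startsWith("--split-string=")) {
      return [...envSplitString(a.slice("--split-string=".length)), ...rest.slice(i + 1)];
    }
    if (a.startsWith("-S")) return [...envSplitString(a.slice(2)), ...rest.slice(i + 1)];
    if (a.startsWith("-")) continue;
    return rest.slice(i);
  }
  return [];
}

// Vulnerable guard: allowlisted argv[0], plus a one-level look through env
// that skips options and assignments and refuses only a denylist of
// interpreter names. "sh -c 'id'" handed to -S is a single token that is
// not on the denylist, so it passes.
export function naiveGuard(argv: string[]): Verdict {
  if (argv.length === 0) return { allowed: false, reason: "empty argv" };
  if (!ALLOWLIST.has(argv[0])) return { allowed: false, reason: `${argv[0]} is not allowlisted` };
  if (basename(argv[0]) !== "env") return { allowed: true, reason: "allowlisted binary" };
  const wrapped = argv.slice(1).find((a) => !a.startsWith("-") && !ASSIGNMENT.test(a));
  if (wrapped !== undefined && DENIED_INTERPRETERS.has(basename(wrapped))) {
    return { allowed: false, reason: `env must not wrap ${wrapped}` };
  }
  return { allowed: true, reason: "env wrapper with a non-denylisted command" };
}

// Hardened guard (deny-all, permit-by-exception): env is accepted only as
// env [NAME=VALUE ...] /allowlisted/absolute/path args..., with no env
// options of any kind, and the wrapped command is re-checked recursively so
// nested env invocations face the same rule. Caveat: NAME=VALUE is still
// passed through; a production guard should also restrict variable names
// such as LD_PRELOAD or PATH.
export function hardenedGuard(argv: string[]): Verdict {
  if (argv.length === 0) return { allowed: false, reason: "empty argv" };
  const exe = argv[0];
  if (!exe.startsWith("/") || !ALLOWLIST.has(exe)) {
    return { allowed: false, reason: `${exe} is not an allowlisted absolute path` };
  }
  if (basename(exe) !== "env") return { allowed: true, reason: "allowlisted binary" };
  let i = 1;
  while (i < argv.length && ASSIGNMENT.test(argv[i])) i++;
  if (i >= argv.length) return { allowed: false, reason: "env without a command" };
  if (argv[i].startsWith("-")) {
    return { allowed: false, reason: `env option ${argv[i]} is not permitted` };
  }
  const inner = hardenedGuard(argv.slice(i));
  return inner.allowed ? { allowed: true, reason: `env -> ${inner.reason}` } : inner;
}
```

Refusing every env option, rather than denylisting -S, --split-string and -Sstring individually, is the point of the permit-by-exception design: a denylist of option spellings would be another incomplete list of disallowed inputs. The recursion matters because env VAR=1 /usr/bin/env -S ... is otherwise a one-level-deeper copy of the same bypass.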
Details
- CWE(s)