CVE-2026-44115
Published: 06 May 2026
Summary
CVE-2026-44115 is a high-severity Incomplete List of Disallowed Inputs (CWE-184) vulnerability in Openclaw Openclaw. Its CVSS base score is 8.7 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Unix Shell (T1059.004); ranked at the 28.2th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-28195
Vulnerability details
OpenClaw before 2026.4.22 contains an exec allowlist analysis vulnerability allowing shell expansion hiding in unquoted heredoc bodies. Attackers can bypass allowlist validation by embedding shell expansion tokens in heredoc bodies to execute unapproved commands at runtime.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Bypass of shell exec allowlist via heredoc expansion directly enables arbitrary Unix shell command execution (T1059.004).
CVEs Like This One
Affected Assets
Mitigating Controls
Likely Mitigating Controls AI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Spam filters rely on evolving blacklists, signatures, and heuristics of disallowed message patterns; keeping them updated per the control directly mitigates incomplete disallowed-input lists.