CVE-2026-44115
Published
CVSS v3
8.8
HIGH
CVSS v2
N/A
Affected
1
PROJECT
Description
OpenClaw before 2026.4.22 contains an exec allowlist analysis vulnerability allowing shell expansion hiding in unquoted heredoc bodies. Attackers can bypass allowlist validation by embedding shell expansion tokens in heredoc bodies to execute unapproved commands at runtime.
Your own personal AI assistant. Any OS. Any Platform. The lobster way. 🦞
GitHub