CVE-2026-53829
OpenClaw · OpenClaw
OpenClaw contains an approval display truncation vulnerability that allows authenticated users to hide command suffixes from approvers, enabling unauthorized command execution.
Executive summary
An approval display truncation vulnerability in OpenClaw, exploitable by authenticated users, allows attackers to execute unauthorized commands, posing a significant risk to system integrity.
Vulnerability
This vulnerability is an approval display truncation flaw in the command execution workflow. An authenticated attacker can submit oversized exec commands consisting of a benign prefix followed by a malicious suffix; because the approval display truncates long commands, the suffix is hidden from the user approving the action, who sees and approves only the benign portion.
Business impact
Successful exploitation of this vulnerability allows for the execution of unauthorized operations under the guise of an approved action, potentially leading to privilege escalation or complete system compromise. With a CVSS score of 8.0, this high-severity flaw represents a significant risk to operational integrity and data security.
Remediation
Immediate Action: Upgrade OpenClaw to version 2026.5.18 or later to resolve the truncation issue.
Proactive Monitoring: Review audit logs for unusual command submissions or unexpected changes in system configuration following approval events.
Compensating Controls: Implement strict input validation policies and limit the number of users with approval permissions to reduce the attack surface.
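The following is an added illustration of the failure mode and the compensating control, not code from OpenClaw or from this advisory. It assumes a hypothetical approval prompt with an 80-character display width and a constructed sample command whose benign prefix is padded with whitespace so that a harmless marker suffix falls past the display limit. The naive preview silently drops the suffix; the hardened preview marks truncation, shows head and tail, and prints the full length and a digest, and the executor refuses to run any command whose full text does not match the digest the approver signed off on.

```python
import hashlib
from dataclasses import dataclass

# Assumed display width of the approval prompt (not an OpenClaw constant).
DISPLAY_LIMIT = 80

# Constructed sample: benign prefix, whitespace padding, harmless marker suffix
# that a naive 80-character preview would never show the approver.
SAMPLE_COMMAND = "ls -la /var/log" + " " * 100 + "; echo suffix-hidden-from-approver"


def command_digest(command: str) -> str:
    """SHA-256 over the exact command text; binds an approval to the full command."""
    return hashlib.sha256(command.encode("utf-8")).hexdigest()


def vulnerable_preview(command: str, limit: int = DISPLAY_LIMIT) -> str:
    """Naive preview: silently drops everything past the limit.

    This reproduces the truncation pattern described in the advisory: the
    approver sees only the prefix and has no indication that more follows.
    """
    return command[:limit]


def safe_preview(command: str, limit: int = DISPLAY_LIMIT) -> str:
    """Preview that can be truncated for layout but never hides that fact.

    Shows head and tail of the command, the number of hidden characters,
    the total length, and a short digest the approver can compare against.
    """
    short_digest = command_digest(command)[:16]
    if len(command) <= limit:
        return f"{command}\n[length={len(command)} sha256={short_digest}]"
    half = limit // 2
    head, tail = command[:half], command[-half:]
    hidden = len(command) - limit
    return (
        f"{head}\n  ... [{hidden} characters hidden] ...\n{tail}\n"
        f"[TRUNCATED: length={len(command)} sha256={short_digest}]"
    )


def hidden_suffix(command: str, limit: int = DISPLAY_LIMIT) -> str:
    """Audit helper: the portion a naive preview would conceal (empty if none).

    Useful when reviewing submissions for oversized commands, as the
    advisory's monitoring guidance suggests.
    """
    return command[limit:]


@dataclass(frozen=True)
class Approval:
    digest: str    # digest of the complete command the approver reviewed
    approver: str  # hypothetical approver identity


def approve(command: str, approver: str) -> Approval:
    """Record an approval bound to the full command text, not to its preview."""
    return Approval(digest=command_digest(command), approver=approver)


def execute_if_approved(command: str, approval: Approval) -> bool:
    """Run only if the full command matches what was approved.

    Returns True when execution would proceed and False when refused; the
    real execution step is omitted in this constructed example.
    """
    if command_digest(command) != approval.digest:
        return False
    return True


if __name__ == "__main__":
    print("--- naive preview (suffix silently dropped) ---")
    print(vulnerable_preview(SAMPLE_COMMAND))
    print("--- hardened preview ---")
    print(safe_preview(SAMPLE_COMMAND))
    print("hidden by naive preview:", repr(hidden_suffix(SAMPLE_COMMAND)))
    granted = approve(SAMPLE_COMMAND, "alice")
    print("exact command runs:", execute_if_approved(SAMPLE_COMMAND, granted))
    print("altered command runs:", execute_if_approved(SAMPLE_COMMAND + " ", granted))
```

The design point is that truncation for display is acceptable only when the approver is told it happened and the approval itself is tied to the complete command rather than to the rendered string; a digest check at execution time also catches any edit made between approval and execution.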
Exploitation status
Public Exploit Available: false
Analyst recommendation
Given the high CVSS score, organizations should prioritize patching their OpenClaw instances. The ability for an authenticated user to bypass approval controls necessitates immediate attention to prevent unauthorized system modifications.