CVE-2026-53853

OpenClaw · OpenClaw (Linux/macOS)

A vulnerability in OpenClaw for Linux and macOS allows attackers to bypass argument pattern validation in the exec allowlist, so that arguments the policy forbids can be passed to executables the policy permits.

Executive summary

A security flaw in OpenClaw on Linux and macOS lets an attacker bypass argument pattern validation in the exec allowlist. Executables that the allowlist permits can then be invoked with arguments it was meant to reject, which, depending on the executable, can amount to running an unauthorized command.

Vulnerability

The issue resides in the exec allowlist mechanism, which fails to properly validate argument patterns. A malicious actor can circumvent the configured policy and pass prohibited arguments to authorized executables on Linux and macOS. The advisory does not describe the exact bypass; for risk purposes, treat every allowlisted executable on an unpatched install as reachable with attacker-chosen arguments. This matters because allowlisting a binary is only as strong as the argument check: many common tools accept options that change what they execute, read or write, so an allowlist that constrains the executable but not its arguments constrains very little.

Business impact

The CVSS score of 8.3 indicates high severity. By bypassing the argument constraints, an attacker can make allowlisted executables perform operations the policy was meant to prevent, running with the privileges of the OpenClaw process. The likely outcome is compromise of the host or data that OpenClaw can reach, and a silent violation of the execution policy the operator believed was in force.

Remediation

Immediate Action: Update OpenClaw to version 2026.5.12 or later, which restores proper enforcement of argument pattern validation, and confirm the installed version afterwards on every Linux and macOS host.

Proactive Monitoring: Review exec logs for arguments passed to allowlisted executables that the policy should have rejected, such as option-like tokens, unexpected subcommands, or shell metacharacters. Any such entry on an unpatched host indicates an attempted or successful bypass and warrants incident triage.

Compensating Controls: Until the update is applied, tighten the allowlist to the minimum set of executables actually required, removing tools whose arguments can redirect what gets executed, and use host-based intrusion detection (HIDS) to alert on unexpected command lines or unusual child processes spawned by OpenClaw.
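To make the vulnerability section and the monitoring advice above concrete, here is an added example that is not OpenClaw's code and does not reproduce the real bypass: a hypothetical exec allowlist with per-argument patterns, a weak validator that illustrates one common class of argument-validation mistake (testing an unanchored pattern against the joined command line), the hardened per-element validator beside it, and a review pass over constructed exec log lines in an invented format. The policy rules, the log format, the executables and the helper names are all assumptions for illustration.

```typescript
// Added example (not OpenClaw code): exec allowlist with per-argument
// patterns, a weak checker beside a hardened one, and a scan of constructed
// exec log lines. Policy, log format and the weak checker's mistake are
// assumptions chosen to illustrate the class of bug, not CVE-2026-53853 itself.

interface Rule {
  exe: string;           // absolute path of the allowlisted executable
  argPatterns: RegExp[]; // every argv element must fully match one of these
  maxArgs: number;       // upper bound on argument count
}

// Hypothetical policy: git may run only read-only subcommands on plain
// paths/refs; ls may take a couple of listing flags and a plain path.
const POLICY: Rule[] = [
  { exe: "/usr/bin/git", maxArgs: 4,
    argPatterns: [/^(status|log|diff|show)$/, /^[A-Za-z0-9._][A-Za-z0-9._\/-]*$/] },
  { exe: "/bin/ls", maxArgs: 3,
    argPatterns: [/^-[la]{1,2}$/, /^[A-Za-z0-9._][A-Za-z0-9._\/-]*$/] },
];

function findRule(exe: string): Rule | undefined {
  return POLICY.find((r) => r.exe === exe);
}

// Weak checker: joins argv and tests an unanchored pattern against the whole
// line. It only confirms that an allowed token appears somewhere, so extra
// arguments ride along unnoticed (e.g. "-c core.pager=id log" passes).
function weakCheck(exe: string, argv: string[]): boolean {
  if (!findRule(exe)) return false;
  return /status|log|diff|show|-l/.test(argv.join(" "));
}

// Hardened checker: each argv element is matched on its own against fully
// anchored patterns; any unmatched element or excess count rejects the call.
function strictCheck(exe: string, argv: string[]): boolean {
  const rule = findRule(exe);
  if (!rule || argv.length > rule.maxArgs) return false;
  return argv.every((a) => rule.argPatterns.some((p) => p.test(a)));
}

interface ExecEvent { ts: string; exe: string; argv: string[] }

// Constructed sample log lines in a hypothetical "exec exe=... argv=[...]"
// format; OpenClaw's real exec log format is not described on the page.
const SAMPLE_LOG: string[] = [
  '2026-05-12T08:00:01Z exec exe=/usr/bin/git argv=["status"]',
  '2026-05-12T08:00:02Z exec exe=/bin/ls argv=["-la","src"]',
  '2026-05-12T08:00:03Z exec exe=/usr/bin/git argv=["-c","core.pager=id","log"]',
  '2026-05-12T08:00:04Z exec exe=/usr/bin/git argv=["log","--output=/tmp/x"]',
  '2026-05-12T08:00:05Z exec exe=/usr/bin/curl argv=["http://example.invalid"]',
];

function parseLogLine(line: string): ExecEvent | null {
  const m = /^(\S+) exec exe=(\S+) argv=(\[.*\])$/.exec(line);
  if (!m) return null;
  try {
    const argv = JSON.parse(m[3]);
    if (!Array.isArray(argv) || !argv.every((a) => typeof a === "string")) return null;
    return { ts: m[1], exe: m[2], argv };
  } catch {
    return null;
  }
}

// Review pass: flag every logged exec that the hardened policy would not
// allow. Each hit is "ts exe argv..." so an analyst can triage it directly.
function findSuspicious(lines: string[]): string[] {
  const hits: string[] = [];
  for (const line of lines) {
    const ev = parseLogLine(line);
    if (ev && !strictCheck(ev.exe, ev.argv)) {
      hits.push(`${ev.ts} ${ev.exe} ${ev.argv.join(" ")}`);
    }
  }
  return hits;
}

// Example run over the constructed log: the git "-c" and "--output=" calls
// and the non-allowlisted curl are flagged; the two policy-conforming
// invocations are not.
for (const hit of findSuspicious(SAMPLE_LOG)) console.log("REVIEW:", hit);
```

The design point is that the validator must see argv as a list, match each element against an anchored pattern, and reject on the first element that matches nothing; a check that asks "does the command line contain something allowed" answers the wrong question. The same strict checker doubles as the detection rule for historical logs, which is why a policy expressed as per-element patterns is easier to monitor than one expressed as prose.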

Exploitation status

Public Exploit Available: false

Analyst recommendation

This vulnerability undermines the control meant to restrict which arguments allowlisted executables may receive, so the allowlist cannot be relied upon on affected versions. All Linux and macOS deployments should be updated to version 2026.5.12 or later, and any exec log entries showing unexpected arguments on pre-patch hosts should be investigated as possible exploitation.