OpenClaw < 2026.2.22 - Allowlist Bypass via Shell Line-Continuation Command Substitution in system.run

OpenClaw versions prior to 2026.2.22 contain an allowlist bypass vulnerability in system.run that allows attackers to execute non-allowlisted commands by splitting command substitution using shell line-continuation characters. Attackers can bypass security analysis by injecting $\\ followed by a newline and opening parenthesis inside double quotes, causing the shell to fold the line continuation into executable command substitution that circumvents approval boundaries.

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L

OS命令中使用的特殊元素转义处理不恰当(OS命令注入)

OpenClaw 操作系统命令注入漏洞

OpenClaw是OpenClaw开源的一个智能人工助理。 OpenClaw 2026.2.22之前版本存在操作系统命令注入漏洞，该漏洞源于system.run中存在允许列表绕过，可能导致攻击者通过使用shell行继续字符分割命令替换来执行非允许列表中的命令，从而绕过安全分析。

N/A

N/A