CVE-2026-31992

Published: Mar 19, 2026 Last Modified: Mar 19, 2026

ExploitDB:

Other exploit source:

Google Dorks:

HIGH 7,1

Source: [email protected]

Attack Vector: network

Attack Complexity: low

Privileges Required: low

User Interaction: none

Confidentiality: N/A

Integrity: N/A

Availability: N/A

HIGH 7,1

Source: [email protected]

Attack Vector: network

Attack Complexity: low

Privileges Required: low

User Interaction: none

Scope: unchanged

Confidentiality: none

Integrity: high

Availability: low

Description

AI Translation Available

OpenClaw versions prior to 2026.2.23 contain an allowlist bypass vulnerability in system.run guardrails that allows authenticated operators to execute unintended commands. When /usr/bin/env is allowlisted, attackers can use env -S to bypass policy analysis and execute shell wrapper payloads at runtime.

184

Incomplete List of Disallowed Inputs

Draft

Abstraction: Base Structure: Simple

Common Consequences

Security Scopes Affected:

Access Control

Potential Impacts:

Bypass Protection Mechanism

Applicable Platforms

All platforms may be affected

View CWE Details

https://github.com/openclaw/openclaw/commit/3f923e831364d83…

https://github.com/openclaw/openclaw/commit/3f923e831364d83d0f23499ee49961de334…

https://github.com/openclaw/openclaw/commit/a1c4bf07c6baad3…

https://github.com/openclaw/openclaw/commit/a1c4bf07c6baad3ef87a0e710fe9aef127b…

https://github.com/openclaw/openclaw/security/advisories/GH…

https://github.com/openclaw/openclaw/security/advisories/GHSA-48wf-g7cp-gr3m

https://www.vulncheck.com/advisories/openclaw-allowlist-exe…

https://www.vulncheck.com/advisories/openclaw-allowlist-exec-guard-bypass-via-e…