CVE-2026-53855: OpenClaw < 2026.4.2 - Shell Positional Parameters Bypass in Inline-Eval Checks

Synopsis

An inline-eval allowlist bypass affects OpenClaw versions before 2026.4.2. An authenticated operator can exploit this over the network by crafting shell positional parameters that smuggle unapproved content past strict allowlist checks, placing inline-eval payloads into shell carriers that the allowlist was not designed to inspect. Successful exploitation lets the attacker execute unapproved shell-provided content and read or modify data accessible to the affected process. A patched-image rebuild at version 2026.4.2 is available on HarborGuard for environments running an affected version.

HarborGuard Coverage

Exploit Conditions

• Network reachabilityRequired

  The attacker must reach the OpenClaw service over the network to deliver the crafted request.

• AuthenticationRequired

  A low-privilege operator account is sufficient; no admin credentials are needed to exploit this bypass.

• Victim interactionNot required

  No user interaction is required; the attacker acts entirely on their own without involving another person.

• Attack complexityDetail

  The exploit is reliable and condition-free in terms of software state, though an additional specific deployment condition (AT:P) must be present for the attack to succeed.

Blast Radius

• Reads confidential data accessible to the OpenClaw process, including configuration secrets and any stored credentials the process can reach.
• Modifies data or state reachable by the process, such as configuration files, job definitions, or persisted records.
• Executes unapproved shell content within the OpenClaw runtime, giving the attacker control over what commands run under the process identity.
• Impact is confined to the host running OpenClaw; downstream systems and availability of the service itself are not directly affected based on the CVSS scope and availability tokens.