CVE-2026-53866: OpenClaw < 2026.5.12 - Allowlist Bypass in Shell Inline-Command Parsing

Synopsis

An allowlist bypass vulnerability exists in OpenClaw's shell inline-command parser, affecting all versions before 2026.5.12. The flaw is reachable over the network by any authenticated operator-level account, requiring no interaction from a victim. Successful exploitation lets an attacker execute arbitrary shell commands that should have been blocked by the allowlist, bypassing the approval controls meant to gate privileged operations. A patched-image rebuild at version 2026.5.12 is available on HarborGuard for affected environments.

HarborGuard Coverage

Exploit Conditions

• Network reachabilityRequired

  The vulnerable parser endpoint is exposed over the network, so an attacker must be able to reach the OpenClaw service remotely.

• AuthenticationRequired

  A low-privilege operator-level account is sufficient; no administrative credentials are needed to trigger the bypass.

• Victim interactionNot required

  The attacker can exploit this flaw entirely on their own without requiring any action from another user.

• Attack complexityDetail

  While the exploit path itself is reliable and condition-free, a specific attack target requirement (AT:P) means certain environmental or configuration preconditions must align for the bypass to succeed.

Blast Radius

• Reads files, environment variables, or secrets accessible to the OpenClaw process by executing unapproved shell commands.
• Writes to or modifies files, configuration, or state that the process has access to, bypassing the approval controls intended to prevent such changes.
• The service itself is not crashed by this exploit (availability impact is none), so the attacker can operate persistently without triggering an outage-based alert.