Skip to content

OpenClaw's exec allowlist analysis rejects shell expansion in unquoted heredocs

Moderate severity GitHub Reviewed Published Apr 23, 2026 in openclaw/openclaw • Updated May 13, 2026

Package

npm openclaw (npm)

Affected versions

<= 2026.4.21

Patched versions

2026.4.22

Description

Summary

Exec allowlist analysis rejects shell expansion in unquoted heredocs

Affected Packages / Versions

  • Package: openclaw (npm)
  • Affected versions: <= 2026.4.21
  • Fixed version: 2026.4.22

Impact

An allowlisted command containing an unquoted heredoc could hide shell expansion in the heredoc body. That could make the approved command text look safer than what the shell would evaluate at runtime.

Fix

The exec command analyzer now tracks heredoc bodies, rejects unquoted heredoc expansion tokens and continuation-splice bypasses, and preserves quoted heredocs and literal safe text.

Fix Commit(s)

  • b2e8b7d4bb2f22eaa16f5c4b07547774e90b65a5

Verification

  • The fix commit is contained in the public v2026.4.22 tag.
  • openclaw@2026.4.22 is published on npm and the compiled package contains the fix.
  • Focused regression coverage for this path passed before publication.

Thanks @VladimirEliTokarev for reporting.

References

@steipete steipete published to openclaw/openclaw Apr 23, 2026
Published to the GitHub Advisory Database May 4, 2026
Reviewed May 4, 2026
Last updated May 13, 2026

Severity

Moderate

EPSS score

Weaknesses

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. Learn more on MITRE.

CVE ID

No known CVE

GHSA ID

GHSA-x3h8-jrgh-p8jx

Source code

Credits

Loading Checking history
See something to contribute? Suggest improvements for this vulnerability.