New: Corgea AI Pentesting — autonomous penetration testing in hours, not weeks
MEDIUM 6.6 npm

Duplicate Advisory: macOS Swift exec allowlist missed combined POSIX inline flags

GHSA-g796-jqmx-wf9q

Published · Modified

Description

Duplicate Advisory

This advisory has been withdrawn because it is a duplicate of GHSA-c226-q6fx-6j6c. This link is maintained to preserve external references.

Original Description

OpenClaw before 2026.5.6 contains an allowlist bypass vulnerability in the macOS Swift exec feature that misses combined POSIX inline-command flags. Attackers can execute shell content outside the intended allowlist check by using combined flag forms, potentially allowing unauthorized command execution depending on operator configuration.

Ready to move

Start Securing

Free, no credit card | First findings in minutes