MEDIUM 6.6 npm
Duplicate Advisory: macOS Swift exec allowlist missed combined POSIX inline flags
GHSA-g796-jqmx-wf9q
Published · Modified
Description
Duplicate Advisory
This advisory has been withdrawn because it is a duplicate of GHSA-c226-q6fx-6j6c. This link is maintained to preserve external references.
Original Description
OpenClaw before 2026.5.6 contains an allowlist bypass vulnerability in the macOS Swift exec feature that misses combined POSIX inline-command flags. Attackers can execute shell content outside the intended allowlist check by using combined flag forms, potentially allowing unauthorized command execution depending on operator configuration.
References
Ready to move
Start Securing
Free, no credit card | First findings in minutes