MEDIUM 4.3 npm
Duplicate Advisory: Exec allowlist could miss side effects from transparent command wrappers
GHSA-wrr6-p5r6-474m
Published · Modified
Description
Duplicate Advisory
This advisory has been withdrawn because it is a duplicate of GHSA-cwpp-5962-q4f6. This link is maintained to preserve external references.
Original Description
OpenClaw before 2026.5.26 contains an exec allowlist bypass vulnerability allowing authenticated operators to execute wrapper-level side effects outside allowlisted command intent. Attackers can craft command requests that bypass allowlist validation by leveraging transparent command wrappers to perform unintended operations.
Ready to move
Start Securing
Free, no credit card | First findings in minutes