New: Corgea AI Pentesting — autonomous penetration testing in hours, not weeks
MEDIUM 4.3 npm

Duplicate Advisory: Exec allowlist could miss side effects from transparent command wrappers

GHSA-wrr6-p5r6-474m

Published · Modified

Description

Duplicate Advisory

This advisory has been withdrawn because it is a duplicate of GHSA-cwpp-5962-q4f6. This link is maintained to preserve external references.

Original Description

OpenClaw before 2026.5.26 contains an exec allowlist bypass vulnerability allowing authenticated operators to execute wrapper-level side effects outside allowlisted command intent. Attackers can craft command requests that bypass allowlist validation by leveraging transparent command wrappers to perform unintended operations.

Ready to move

Start Securing

Free, no credit card | First findings in minutes