216.73.216.215

CVE-2026-22175

· Published 18/03/2026 02:16 · Modified 19/03/2026 16:06

Labels: CVE-2026-22175 2026-03-18CVE-2026-22175CWE-184[email protected]

Essential information

Published
18/03/2026 02:16
Modified
19/03/2026 16:06
Author
Creator
CVSS
7.1 HIGH (v3) 7.1 HIGH (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

OpenClaw versions prior to 2026.2.23 contain an exec approval bypass vulnerability in allowlist mode where allow-always grants could be circumvented through unrecognized multiplexer shell wrappers like busybox and toybox sh -c commands. Attackers can exploit this by invoking arbitrary payloads under the same multiplexer wrapper to satisfy stored allowlist rules, bypassing intended execution restrictions.

NVD status

Status
Analyzed — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
openclaw / openclaw cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*

References