CVE-2026-44115: OpenClaw Shell Expansion Bypass Allows Execution Allowlist Circumvention (CVSS 8.8)

High-severity vulnerability (CVSS 8.8) in OpenClaw before 2026.4.22 allows attackers to embed shell expansion tokens within unquoted heredoc bodies, bypassing the execution allowlist and running unapproved commands at runtime. Published May 6, 2026.

Product Idea from this Signal

A CLI tool that scans a running OpenClaw instance for active CVEs, malicious skills, and supply chain tampering before they get exploited

807 ▲

OpenClaw has accumulated 433+ CVEs in five months including critical auth bypasses (CVSS 9.8), sandbox escapes, and nation-state supply chain attacks targeting the npm ecosystem. Most operators have no idea which CVEs affect their specific version, whether their installed skills contain backdoors, or if their dependency tree has been tampered with. This tool runs a comprehensive security audit against a live OpenClaw instance and outputs an actionable remediation plan.

CLIOPEN-SOURCESECURITYDEVTOOLAUDIT

CompetitiveView Opportunity →