CVE-2026-44115
High · Public PoC
Published: 06 May 2026
Modified: 06 May 2026
KEV Added: —
Patch: —
CVSS Score: 8.8 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: N/A
Risk Priority: 18 (60% EPSS · 20% KEV · 20% CVSS)
Description
OpenClaw before 2026.4.22 contains a vulnerability in its exec allowlist analysis that allows shell expansion to hide in unquoted heredoc bodies. Attackers can bypass allowlist validation by embedding shell expansion tokens in heredoc bodies, causing unapproved commands to execute at runtime.
Likely Mitigating Controls (AI)
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
addresses: CWE-184
Spam filters rely on evolving blacklists, signatures, and heuristics of disallowed message patterns; keeping them updated per the control directly mitigates incomplete disallowed-input lists.
Details
- CWE(s)