GHSA-9868-vxmx-w862: OpenClaw's system.run allowlist bypass via shell line-continuation command substitution

March 3, 2026

In OpenClaw system.run allowlist mode, shell-wrapper analysis could be bypassed by splitting command substitution as $\\ + newline + ( inside double quotes. Analysis treated the payload as allowlisted (for example /bin/echo), while shell runtime folded the line continuation into $(...) and executed non-allowlisted subcommands.

References

github.com/advisories/GHSA-9868-vxmx-w862
github.com/openclaw/openclaw
github.com/openclaw/openclaw/commit/3f0b9dbb36c86e308267924c0d3d4a4e1fc4d1e9
github.com/openclaw/openclaw/security/advisories/GHSA-9868-vxmx-w862

Code Behaviors & Features

Detect and mitigate GHSA-9868-vxmx-w862 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →