{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/products/openclaw--2026.5.7/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["OpenClaw (\u003c= 2026.5.7)"],"_cs_severities":["high"],"_cs_tags":["vulnerability","code-execution","powershell","bypass","openclaw","npm","windows"],"_cs_type":"advisory","_cs_vendors":["OpenClaw"],"content_html":"\u003cp\u003eA critical vulnerability (GHSA-j472-gf56-x589) has been identified in the npm/openclaw package, affecting versions up to \u003ccode\u003e2026.5.7\u003c/code\u003e. This flaw allows PowerShell encoded-command aliases to circumvent security allowlist checks within the OpenClaw application. Specifically, when an attacker provides crafted input containing PowerShell commands with abbreviated encoded-command flags, the OpenClaw allowlist parser fails to recognize these alias forms, permitting the execution of unvetted PowerShell content. This bypass poses a significant risk to organizations using OpenClaw, as it enables unauthorized code execution on the underlying Windows operating system, potentially leading to system compromise, data exfiltration, or further network penetration if the affected feature is enabled, reachable by lower-trust input, and improperly configured.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003e\u003cstrong\u003eCrafted Input Delivery\u003c/strong\u003e: An attacker identifies an enabled and reachable OpenClaw feature that accepts command requests.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ePayload Injection\u003c/strong\u003e: The attacker sends a crafted input to this feature, embedding PowerShell commands that utilize abbreviated encoded-command flags (e.g., \u003ccode\u003e-e\u003c/code\u003e instead of \u003ccode\u003e-EncodedCommand\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eAllowlist Bypass\u003c/strong\u003e: OpenClaw's internal allowlist parser, designed to vet PowerShell commands, fails to properly recognize the abbreviated alias form of the encoded command flags.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eUnvetted Command Execution\u003c/strong\u003e: Due to the parsing failure, the embedded encoded PowerShell content bypasses the intended security allowlist checks.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ePowerShell Process Launch\u003c/strong\u003e: OpenClaw executes the unvetted, encoded PowerShell command on the underlying Windows operating system.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eCode Execution\u003c/strong\u003e: The malicious PowerShell script performs attacker-defined actions, such as downloading and executing additional malware, establishing persistence, or exfiltrating sensitive data.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eImpact Achieved\u003c/strong\u003e: The attacker gains unauthorized code execution capabilities within the OpenClaw environment and potentially on the host system.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eThe successful exploitation of this vulnerability can lead to unauthorized arbitrary code execution on the underlying Windows operating system hosting the OpenClaw application. The practical impact is highly dependent on the specific configuration of the OpenClaw instance and whether lower-trust or untrusted input sources can reach the vulnerable features. If an attacker can leverage this bypass, they could potentially compromise the entire host system, exfiltrate sensitive data processed by OpenClaw, or establish a foothold for further attacks within the organization's network. There are no specific victim counts or targeted sectors mentioned, but any organization using vulnerable versions of OpenClaw configured with reachable features accepting external input is at risk.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade the \u003ccode\u003enpm/openclaw\u003c/code\u003e package to version \u003ccode\u003e2026.5.12\u003c/code\u003e or later immediately to patch the vulnerability.\u003c/li\u003e\n\u003cli\u003eAs a temporary mitigation, avoid allowlisting PowerShell wrapper forms and require explicit approval for any encoded PowerShell commands until patching is complete.\u003c/li\u003e\n\u003cli\u003eDisable the affected OpenClaw features entirely if they are not strictly needed, reducing the attack surface.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule provided in this brief to your SIEM to detect suspicious PowerShell encoded command execution on Windows hosts where OpenClaw is deployed.\u003c/li\u003e\n\u003cli\u003eEnable comprehensive logging for PowerShell activity, including script block logging and module logging, to enhance visibility for the detection rule.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-07-03T12:12:38Z","date_published":"2026-07-03T12:12:38Z","id":"https://feed.craftedsignal.io/briefs/2026-07-openclaw-powershell-alias-bypass/","summary":"A high-severity vulnerability (GHSA-j472-gf56-x589) in OpenClaw allows an attacker to bypass allowlist checks for PowerShell encoded commands by using abbreviated encoded-command flags, leading to unauthorized code execution on the underlying Windows system if a vulnerable feature is enabled and reachable.","title":"OpenClaw PowerShell Encoded-Command Alias Bypass Vulnerability","url":"https://feed.craftedsignal.io/briefs/2026-07-openclaw-powershell-alias-bypass/"}],"language":"en","title":"CraftedSignal Threat Feed - OpenClaw (\u003c= 2026.5.7)","version":"https://jsonfeed.org/version/1.1"}