GHSA-4564-PVR2-QQ4H

Vulnerability from github – Published: 2026-02-18 17:39 – Updated: 2026-02-23 22:28
Summary
OpenClaw: Prevent shell injection in macOS keychain credential write
Details

Summary

On macOS, the Claude CLI keychain credential refresh path constructed a shell command to write the updated JSON blob into Keychain via security add-generic-password -w .... Because OAuth tokens are user-controlled data, this created an OS command injection risk.

The fix avoids invoking a shell by using execFileSync("security", argv) and passing the updated keychain payload as a literal argument.

Affected Packages / Versions

  • Package: openclaw (npm)
  • Platform: macOS only
  • Affected versions: <= 2026.2.13

Fix

  • Patched version: >= 2026.2.14 (next release)
  • Fix PR: #15924
  • Fix commits (merged to main):
      • 9dce3d8bf83f13c067bc3c32291643d2f1f10a06
      • 66d7178f2d6f9d60abad35797f97f3e61389b70c
      • b908388245764fb3586859f44d1dff5372b19caf

Thanks @aether-ai-agent for reporting.


{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "openclaw"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2026.2.14"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-27487"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-78"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-02-18T17:39:00Z",
    "nvd_published_at": "2026-02-21T10:16:13Z",
    "severity": "HIGH"
  },
  "details": "## Summary\nOn macOS, the Claude CLI keychain credential refresh path constructed a shell command to write the updated JSON blob into Keychain via `security add-generic-password -w ...`. Because OAuth tokens are user-controlled data, this created an OS command injection risk.\n\nThe fix avoids invoking a shell by using `execFileSync(\"security\", argv)` and passing the updated keychain payload as a literal argument.\n\n## Affected Packages / Versions\n- Package: `openclaw` (npm)\n- Platform: macOS only\n- Affected versions: `\u003c= 2026.2.13`\n\n## Fix\n- Patched version: `\u003e= 2026.2.14` (next release)\n- Fix PR: #15924\n- Fix commits (merged to `main`):\n  - `9dce3d8bf83f13c067bc3c32291643d2f1f10a06`\n  - `66d7178f2d6f9d60abad35797f97f3e61389b70c`\n  - `b908388245764fb3586859f44d1dff5372b19caf`\n\nThanks @aether-ai-agent for reporting.",
  "id": "GHSA-4564-pvr2-qq4h",
  "modified": "2026-02-23T22:28:27Z",
  "published": "2026-02-18T17:39:00Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-4564-pvr2-qq4h"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27487"
    },
    {
      "type": "WEB",
      "url": "https://github.com/openclaw/openclaw/pull/15924"
    },
    {
      "type": "WEB",
      "url": "https://github.com/openclaw/openclaw/commit/66d7178f2d6f9d60abad35797f97f3e61389b70c"
    },
    {
      "type": "WEB",
      "url": "https://github.com/openclaw/openclaw/commit/9dce3d8bf83f13c067bc3c32291643d2f1f10a06"
    },
    {
      "type": "WEB",
      "url": "https://github.com/openclaw/openclaw/commit/b908388245764fb3586859f44d1dff5372b19caf"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/openclaw/openclaw"
    },
    {
      "type": "WEB",
      "url": "https://github.com/openclaw/openclaw/releases/tag/v2026.2.14"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L",
      "type": "CVSS_V3"
    }
  ],
  "summary": "OpenClaw: Prevent shell injection in macOS keychain credential write"
}

