{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-27487", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-02-19T19:46:03.541Z", "datePublished": "2026-02-21T09:35:28.935Z", "dateUpdated": "2026-02-24T18:21:54.882Z"}, "containers": {"cna": {"title": "OpenClaw: Prevent shell injection in macOS keychain credential write", "problemTypes": [{"descriptions": [{"cweId": "CWE-78", "lang": "en", "description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.6, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L", "version": "3.1"}}], "references": [{"name": "https://github.com/openclaw/openclaw/security/advisories/GHSA-4564-pvr2-qq4h", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-4564-pvr2-qq4h"}, {"name": "https://github.com/openclaw/openclaw/pull/15924", "tags": ["x_refsource_MISC"], "url": "https://github.com/openclaw/openclaw/pull/15924"}, {"name": "https://github.com/openclaw/openclaw/commit/66d7178f2d6f9d60abad35797f97f3e61389b70c", "tags": ["x_refsource_MISC"], "url": "https://github.com/openclaw/openclaw/commit/66d7178f2d6f9d60abad35797f97f3e61389b70c"}, {"name": "https://github.com/openclaw/openclaw/commit/9dce3d8bf83f13c067bc3c32291643d2f1f10a06", "tags": ["x_refsource_MISC"], "url": "https://github.com/openclaw/openclaw/commit/9dce3d8bf83f13c067bc3c32291643d2f1f10a06"}, {"name": "https://github.com/openclaw/openclaw/commit/b908388245764fb3586859f44d1dff5372b19caf", "tags": ["x_refsource_MISC"], "url": "https://github.com/openclaw/openclaw/commit/b908388245764fb3586859f44d1dff5372b19caf"}, {"name": "https://github.com/openclaw/openclaw/releases/tag/v2026.2.14", "tags": ["x_refsource_MISC"], "url": "https://github.com/openclaw/openclaw/releases/tag/v2026.2.14"}], "affected": [{"vendor": "openclaw", "product": "openclaw", "versions": [{"version": "< 2026.2.14", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-02-21T09:35:28.935Z"}, "descriptions": [{"lang": "en", "value": "OpenClaw is a personal AI assistant. In versions 2026.2.13 and below, when using macOS, the Claude CLI keychain credential refresh path constructed a shell command to write the updated JSON blob into Keychain via security add-generic-password -w .... Because OAuth tokens are user-controlled data, this created an OS command injection risk. This issue has been fixed in version 2026.2.14."}], "source": {"advisory": "GHSA-4564-pvr2-qq4h", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-02-24T18:21:33.991585Z", "id": "CVE-2026-27487", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-24T18:21:54.882Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-27487", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-02-24T18:21:33.991585Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-24T18:21:43.912Z"}}], "cna": {"title": "OpenClaw: Prevent shell injection in macOS keychain credential write", "source": {"advisory": "GHSA-4564-pvr2-qq4h", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.6, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "openclaw", "product": "openclaw", "versions": [{"status": "affected", "version": "< 2026.2.14"}]}], "references": [{"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-4564-pvr2-qq4h", "name": "https://github.com/openclaw/openclaw/security/advisories/GHSA-4564-pvr2-qq4h", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/openclaw/openclaw/pull/15924", "name": "https://github.com/openclaw/openclaw/pull/15924", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/openclaw/openclaw/commit/66d7178f2d6f9d60abad35797f97f3e61389b70c", "name": "https://github.com/openclaw/openclaw/commit/66d7178f2d6f9d60abad35797f97f3e61389b70c", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/openclaw/openclaw/commit/9dce3d8bf83f13c067bc3c32291643d2f1f10a06", "name": "https://github.com/openclaw/openclaw/commit/9dce3d8bf83f13c067bc3c32291643d2f1f10a06", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/openclaw/openclaw/commit/b908388245764fb3586859f44d1dff5372b19caf", "name": "https://github.com/openclaw/openclaw/commit/b908388245764fb3586859f44d1dff5372b19caf", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/openclaw/openclaw/releases/tag/v2026.2.14", "name": "https://github.com/openclaw/openclaw/releases/tag/v2026.2.14", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "OpenClaw is a personal AI assistant. In versions 2026.2.13 and below, when using macOS, the Claude CLI keychain credential refresh path constructed a shell command to write the updated JSON blob into Keychain via security add-generic-password -w .... Because OAuth tokens are user-controlled data, this created an OS command injection risk. This issue has been fixed in version 2026.2.14."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-78", "description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-02-21T09:35:28.935Z"}}}, "cveMetadata": {"cveId": "CVE-2026-27487", "state": "PUBLISHED", "dateUpdated": "2026-02-24T18:21:54.882Z", "dateReserved": "2026-02-19T19:46:03.541Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-02-21T09:35:28.935Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*", "matchCriteriaId": "0F3079A3-9FBD-4E87-821D-5CAF0622C555", "versionEndExcluding": "2026.2.14", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "OpenClaw is a personal AI assistant. In versions 2026.2.13 and below, when using macOS, the Claude CLI keychain credential refresh path constructed a shell command to write the updated JSON blob into Keychain via security add-generic-password -w .... Because OAuth tokens are user-controlled data, this created an OS command injection risk. This issue has been fixed in version 2026.2.14."}], "id": "CVE-2026-27487", "lastModified": "2026-02-23T20:41:59.130", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.6, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L", "version": "3.1"}, "exploitabilityScore": 2.1, "impactScore": 5.5, "source": "security-advisories@github.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.1, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2026-02-21T10:16:13.100", "references": [{"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/openclaw/openclaw/commit/66d7178f2d6f9d60abad35797f97f3e61389b70c"}, {"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/openclaw/openclaw/commit/9dce3d8bf83f13c067bc3c32291643d2f1f10a06"}, {"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/openclaw/openclaw/commit/b908388245764fb3586859f44d1dff5372b19caf"}, {"source": "security-advisories@github.com", "tags": ["Issue Tracking"], "url": "https://github.com/openclaw/openclaw/pull/15924"}, {"source": "security-advisories@github.com", "tags": ["Release Notes"], "url": "https://github.com/openclaw/openclaw/releases/tag/v2026.2.14"}, {"source": "security-advisories@github.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-4564-pvr2-qq4h"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-78"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,2026.2.14)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "openclaw", "source": "cna", "vendor": "openclaw"}, "product": "openclaw", "vendor": "openclaw"}], "analysis": {"en": {"generated_at": "2026-04-17T16:47:35.557830+00:00", "value": {"mitigation_remediation": ["Upgrade the OpenClaw installation to version 2026.2.14 or later. ", "Ensure that any OAuth tokens used by OpenClaw are issued by trusted providers and are not tampered with. ", "If an upgrade cannot be performed immediately, review and modify the credential write logic to eliminate shell command usage or strictly sanitize the token content before passing it to the command line."], "summary": {"action": "Patch", "impact": "OS Command Injection"}, "threat_synthesis": {"affected_systems": "The vulnerable product is OpenClaw, a personal AI assistant built on Node.js. Any installations using version 2026.2.13 or earlier running on macOS are affected.", "description_and_impact": "The vulnerability arises from the construction of a shell command in the keychain credential refresh path of OpenClaw\u2019s Claude CLI on macOS. In versions 2026.2.13 and older, the JSON blob holding OAuth tokens is passed unchecked to the \"security add-generic-password\" command. Because the tokens are user-controlled, an attacker can inject arbitrary shell commands. The flaw is a Command Injection (CWE\u201178) and could allow arbitrary code execution with the privileges of the OpenClaw process.", "risk_and_exploitability": "The CVSS score of 7.6 reflects high severity, yet the EPSS is under 1%, indicating a low likelihood of exploitation in the wild. The issue is not listed in CISA\u2019s KEV catalog. Exploitation requires that an attacker can supply a malicious OAuth token to the affected instance, implying a local or privileged context. If such a token is injected, the arbitrary command will run with the OpenClaw process\u2019s rights."}}}}, "created": "2026-02-23T14:32:06.498878+00:00", "updated": "2026-04-17T17:00:10.145043+00:00", "vendors": ["openclaw", "openclaw$PRODUCT$openclaw"]}