VDB
KO
MEDIUM

GHSA-x3h8-jrgh-p8jx

OpenClaw's exec allowlist analysis rejects shell expansion in unquoted heredocs

Details

## Summary Exec allowlist analysis rejects shell expansion in unquoted heredocs

## Affected Packages / Versions - Package: openclaw (npm) - Affected versions: <= 2026.4.21 - Fixed version: 2026.4.22

## Impact An allowlisted command containing an unquoted heredoc could hide shell expansion in the heredoc body. That could make the approved command text look safer than what the shell would evaluate at runtime.

## Fix The exec command analyzer now tracks heredoc bodies, rejects unquoted heredoc expansion tokens and continuation-splice bypasses, and preserves quoted heredocs and literal safe text.

## Fix Commit(s) - b2e8b7d4bb2f22eaa16f5c4b07547774e90b65a5

## Verification - The fix commit is contained in the public v2026.4.22 tag. - openclaw@2026.4.22 is published on npm and the compiled package contains the fix. - Focused regression coverage for this path passed before publication.

Thanks @VladimirEliTokarev for reporting.

Are you affected?

Enter the version of the package you're using.

Affected packages

npm / openclaw
Introduced in: 0 Fixed in: 2026.4.22
Fix npm install openclaw@2026.4.22

References