7.6
macOS Keychain Access: Shell Injection Risk from OpenClaw
CVE-2026-27487
GHSA-4564-pvr2-qq4h
Summary
OpenClaw on macOS has a security issue that could allow an attacker to inject shell commands when the software writes credentials to your keychain. This is a risk because user-controlled input (OAuth tokens) ends up executed as part of a system command. The OpenClaw developers have updated the software to remove this risk. If you use OpenClaw, update to the latest version to protect your keychain.
What to do
- Update steipete openclaw to version 2026.2.14.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| steipete | openclaw | <= 2026.2.14 | 2026.2.14 |
| openclaw | openclaw | <= 2026.2.14 | – |
Original title
OpenClaw: Prevent shell injection in macOS keychain credential write
Original description
## Summary
On macOS, the Claude CLI keychain credential refresh path constructed a shell command to write the updated JSON blob into Keychain via `security add-generic-password -w ...`. Because OAuth tokens are user-controlled data, this created an OS command injection risk.
The fix avoids invoking a shell by using `execFileSync("security", argv)` and passing the updated keychain payload as a literal argument.
## Affected Packages / Versions
- Package: `openclaw` (npm)
- Platform: macOS only
- Affected versions: `<= 2026.2.13`
## Fix
- Patched version: `>= 2026.2.14` (next release)
- Fix PR: #15924
- Fix commits (merged to `main`):
  - `9dce3d8bf83f13c067bc3c32291643d2f1f10a06`
  - `66d7178f2d6f9d60abad35797f97f3e61389b70c`
  - `b908388245764fb3586859f44d1dff5372b19caf`
Thanks @aether-ai-agent for reporting.
NVD CVSS 3.1
8.0
Vulnerability type
CWE-78
OS Command Injection
- https://github.com/openclaw/openclaw/commit/66d7178f2d6f9d60abad35797f97f3e61389... Patch
- https://github.com/openclaw/openclaw/commit/9dce3d8bf83f13c067bc3c32291643d2f1f1... Patch
- https://github.com/openclaw/openclaw/commit/b908388245764fb3586859f44d1dff5372b1... Patch
- https://github.com/openclaw/openclaw/pull/15924 Issue Tracking
- https://github.com/openclaw/openclaw/releases/tag/v2026.2.14 Release Notes
- https://github.com/openclaw/openclaw/security/advisories/GHSA-4564-pvr2-qq4h Patch Vendor Advisory
- https://nvd.nist.gov/vuln/detail/CVE-2026-27487
- https://github.com/advisories/GHSA-4564-pvr2-qq4h
Published: 18 Feb 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026