CVE-2026-27487 in OpenClaw

Summary

by MITRE • 02/21/2026

OpenClaw is a personal AI assistant. In versions 2026.2.13 and below, when using macOS, the Claude CLI keychain credential refresh path constructed a shell command to write the updated JSON blob into Keychain via security add-generic-password -w .... Because OAuth tokens are user-controlled data, this created an OS command injection risk. This issue has been fixed in version 2026.2.14.


Analysis

by VulDB Data Team • 02/21/2026

CVE-2026-27487 affects OpenClaw, a personal AI assistant, when it runs on macOS. The flaw exists in versions 2026.2.13 and earlier and is confined to the credential refresh path for Claude CLI credentials stored in the macOS Keychain. Because the shell command used in that path is assembled from unvalidated, unescaped input, it is an OS command injection vulnerability.

The refresh mechanism builds a shell command at runtime to write an updated JSON blob into the Keychain with security add-generic-password -w. The blob carries OAuth tokens, which are user-controlled data, and the application did not escape or validate them before interpolating them into the command string. Data that an attacker can influence therefore reaches the shell's parser, where metacharacters inside a token change what the command does, so arbitrary shell commands could be injected through the legitimate credential management path.

The operational impact is severe: the vector could enable unauthorized access to user credentials and potentially full system compromise. An attacker who can influence the OAuth token data consumed during a refresh could have injected commands executed with the privileges of the user running OpenClaw. Depending on those privileges this could lead to credential theft, unauthorized access to cloud services, or even remote code execution. Only macOS users are affected, but for them the issue is a critical gap in the application's input handling.

The vulnerability maps to CWE-78 (Improper Neutralization of Special Elements used in an OS Command) and aligns with ATT&CK technique T1059.004 (Command and Scripting Interpreter: Unix Shell). It is an instance of the unsafe command construction commonly abused for privilege escalation and persistence. Organizations using OpenClaw should upgrade immediately to version 2026.2.14 or later, which fixes the root cause with proper shell escaping and input validation for the user-controlled values in the credential management workflow. Users should also confirm the installed version on their systems and make sure credential refresh operations cannot be fed untrusted token data.

Responsible: GitHub M
Reservation: 02/19/2026
Disclosure: 02/21/2026
Moderation: accepted
CPE: ready
EPSS: 0.00024
KEV: no
Activities: very low

Sources
