
CVE-2026-34425: Shell-Bleed Preflight Validation Bypass Allows Arbitrary Script Execution in OpenClaw

OpenClaw exec script preflight validation fails open on complex interpreter invocations (pipes, quoted paths, chained flags). The regex-based parser skips content validation when it cannot parse the command structure, allowing arbitrary code execution via the exec tool. CVSS 5.4 (Medium). Fixed in v2026.4.2.
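The fail-open pattern described above, as a constructed illustration added here (not OpenClaw's own code): a regex-based preflight that allows anything it cannot parse, beside a fail-closed version that tokenises the command and denies on any parse failure. The interpreter list, the allow-listed script directory `/opt/agent/scripts/` and the policy itself are assumptions for the example.

```python
import re
import shlex

# Constructed illustration of the fail-open preflight pattern; not OpenClaw's
# code. Assumed policy: interpreter invocations may only run scripts that live
# under ALLOWED_SCRIPT_DIR (a hypothetical allow-listed directory).
INTERPRETERS = {"python", "python3", "node", "sh", "bash"}
ALLOWED_SCRIPT_DIR = "/opt/agent/scripts/"

# Matches only the simplest shape, "<interpreter> <script>", with no quoting,
# flags or shell operators. Anything richer falls outside the regex.
SIMPLE_INVOCATION = re.compile(r"^(\w+)\s+(\S+)$")
SHELL_OPERATORS = re.compile(r"[|&;<>`$()]")
INLINE_CODE_FLAGS = {"-c", "-e", "--eval"}


def preflight_fail_open(cmd: str) -> bool:
    """Vulnerable shape: if the regex cannot parse the command, validation is
    skipped and the command is allowed. Pipes, quoted paths and chained flags
    all land in this branch."""
    m = SIMPLE_INVOCATION.match(cmd.strip())
    if not m:
        return True  # parse failure -> allow (the bug)
    interp, script = m.groups()
    if interp in INTERPRETERS:
        return script.startswith(ALLOWED_SCRIPT_DIR)
    return True


def preflight_fail_closed(cmd: str) -> bool:
    """Hardened shape: tokenise with shlex, refuse shell operators and inline
    code flags, and deny whenever the command cannot be fully understood."""
    if SHELL_OPERATORS.search(cmd):
        return False  # pipes, chaining, redirects, substitution -> deny
    try:
        tokens = shlex.split(cmd)
    except ValueError:
        return False  # unbalanced quotes -> deny
    if not tokens:
        return False
    interp = tokens[0].rsplit("/", 1)[-1]  # "/usr/bin/python3" -> "python3"
    if interp not in INTERPRETERS:
        return True  # not an interpreter invocation; other policy applies
    args = tokens[1:]
    if any(a in INLINE_CODE_FLAGS for a in args):
        return False  # inline code never has a script path to check
    scripts = [a for a in args if not a.startswith("-")]
    return bool(scripts) and all(s.startswith(ALLOWED_SCRIPT_DIR) for s in scripts)
```

The fail-closed version still needs a real policy behind it; the point is that an unparseable command is treated as a policy violation, not as a pass.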

Product Idea from this Signal

A security service that auto-patches OpenClaw CVEs within hours of disclosure before attackers exploit them

3.7k ▲

OpenClaw shipped 9 CVEs in 4 days (March 2026), including a CVSS 9.9 privilege escalation affecting 135K+ exposed instances. Most operators have no way to know which CVEs affect their version, no automated patching, and no mapping between the flood of advisories (156+ total) and their actual attack surface. This tool continuously monitors CVE feeds, maps each advisory to your installed version and enabled features, and applies safe mitigations automatically while queuing risky patches for human approval.

Tags: security, CLI, devtool, open-source, sysadmin
Product Idea from this Signal

A vulnerability intelligence feed that aggregates AI agent security events across the OpenClaw ecosystem and delivers scored alerts within minutes of disclosure

142 ▲

OpenClaw accumulated 138 CVEs in 63 days at a pace of 2.2 new vulnerabilities per day, while 155,000 unprotected instances sit exposed on the internet. Existing CVE databases track millions of generic entries but none focus specifically on the AI agent ecosystem. The jgamblin/OpenClawCVEs GitHub tracker (135 stars) proves demand exists, but it is a static repo with no alerting, no scoring, and no API. This product aggregates all AI agent security events in real time from GitHub Security Advisories, ClawHub skill audits, NVD feeds, and exposed instance scans, scores each by exploitability and blast radius specific to agent deployments, and delivers prioritized alerts via webhook, Slack, RSS, or API within minutes of disclosure.

Tags: API, security, open-source, SaaS, devtool
