Zero Day Monitor (ZDM)
CVE-2026-34425 · CVSS 5.4 · Exploited · Patched
Vendor: openclaw · Product: openclaw

OpenClaw - Shell-Bleed Protection Preflight Validation Bypass

Description

OpenClaw versions prior to commit 8aceaf5 contain a preflight validation bypass in the shell-bleed protection. The check behind validateScriptFileForShellBleed() recognizes only simple command forms, so script content it is meant to block can still be executed through piped or otherwise complex command forms that its parser does not recognize. An attacker can craft a command that uses piped execution, command substitution, or subshell invocation to pass the validation and execute script content that would otherwise be blocked. Deployments are affected unless their checkout includes the fix commit.
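The description above names three command shapes (piped execution, command substitution, subshell invocation) that a preflight check recognizing only the simple `<interpreter> <file>` form will miss. The JavaScript below is an added illustrative model, not OpenClaw's validateScriptFileForShellBleed() or any of the project's code: it contrasts a naive check of that kind with one that splits the command line into every simple command a POSIX shell would run and fails closed on syntax it does not model. The blocked-path policy, the helper names and the sample commands are assumptions constructed for the demonstration.

```javascript
"use strict";
// Added illustrative model of an incomplete preflight check (CWE-184) and a
// hardened replacement. Example code, not OpenClaw's own; the policy, names
// and sample commands are assumptions made for the demonstration.

// Assumed policy: script files under this prefix must not reach a shell
// interpreter without going through the normal approval path.
const BLOCKED_PREFIX = "/tmp/untrusted/";
const INTERPRETERS = new Set(["sh", "bash", "zsh", "dash", "ksh", "source", "."]);

const unquote = (tok) => tok.replace(/^["']+|["']+$/g, "");
const isBlockedPath = (tok) => unquote(tok).startsWith(BLOCKED_PREFIX);

// Naive preflight: recognises only the simple form `<interpreter> <file>` and
// treats every other command shape as harmless (the incomplete-blocklist
// pattern the advisory describes).
function naivePreflight(cmd) {
  const argv = cmd.trim().split(/\s+/);
  if (INTERPRETERS.has(argv[0]) && argv.length > 1 && isBlockedPath(argv[1])) {
    return { allowed: false, reason: "interpreter invoked on blocked script" };
  }
  return { allowed: true, reason: "" };
}

// Index of the `)` matching the `(` at `open`, honouring nesting and single
// quotes; -1 when unbalanced.
function matchParen(s, open) {
  let depth = 0;
  for (let i = open; i < s.length; i++) {
    const c = s[i];
    if (c === "'") {
      const j = s.indexOf("'", i + 1);
      if (j < 0) return -1;
      i = j;
    } else if (c === "(") {
      depth++;
    } else if (c === ")" && --depth === 0) {
      return i;
    }
  }
  return -1;
}

// Flatten a command line into the simple commands a POSIX shell would run,
// descending into pipelines, lists, subshells, `$( )` and backticks. Double
// quotes and redirections are deliberately not modelled: splitting through
// them only over-splits, which cannot hide a token from the check. Syntax that
// could hide one (process substitution) throws so the caller fails closed.
function simpleCommands(cmd) {
  const out = [];
  let cur = "";
  const flush = () => { if (cur.trim()) out.push(cur.trim()); cur = ""; };
  for (let i = 0; i < cmd.length; i++) {
    const c = cmd[i];
    if (c === "'") {                                   // literal text
      const j = cmd.indexOf("'", i + 1);
      if (j < 0) throw new Error("unterminated single quote");
      cur += cmd.slice(i, j + 1);
      i = j;
    } else if (c === "`") {                            // `...` substitution
      const j = cmd.indexOf("`", i + 1);
      if (j < 0) throw new Error("unterminated backtick");
      out.push(...simpleCommands(cmd.slice(i + 1, j)));
      i = j;
    } else if ((c === "<" || c === ">") && cmd[i + 1] === "(") {
      throw new Error("process substitution is not modelled");
    } else if (c === "(") {                            // subshell or $( )
      const j = matchParen(cmd, i);
      if (j < 0) throw new Error("unbalanced parenthesis");
      if (cur.endsWith("$")) cur = cur.slice(0, -1);   // drop the `$` of `$(`
      out.push(...simpleCommands(cmd.slice(i + 1, j)));
      i = j;
    } else if (c === "|" || c === "&" || c === ";" || c === "\n") {
      flush();                                         // command boundary
      if (cmd[i + 1] === c && c !== ";") i++;          // `||` and `&&`
    } else {
      cur += c;
    }
  }
  flush();
  return out;
}

// Hardened preflight: every simple command is examined and a blocked script
// in any argument position is refused, since `cat`, `source`, `$( )` and a
// subshell all end with the same content running in a shell.
function hardenedPreflight(cmd) {
  let segments;
  try {
    segments = simpleCommands(cmd);
  } catch (e) {
    return { allowed: false, reason: `unparsed syntax, failing closed: ${e.message}` };
  }
  for (const seg of segments) {
    const hit = seg.split(/\s+/).find(isBlockedPath);
    if (hit) return { allowed: false, reason: `blocked script ${hit} in "${seg}"` };
  }
  return { allowed: true, reason: "" };
}

// Constructed samples: the direct form the naive check catches, the three
// bypass shapes named in the advisory, one the parser refuses to model, and a
// benign command that must still pass.
const SAMPLES = {
  direct: "bash /tmp/untrusted/payload.sh",
  piped: "cat /tmp/untrusted/payload.sh | bash",
  substitution: 'bash -c "$(cat /tmp/untrusted/payload.sh)"',
  subshell: "(bash /tmp/untrusted/payload.sh)",
  procsub: "bash <(cat /tmp/untrusted/payload.sh)",
  benign: "ls -la ~/projects && git status",
};

// Returns { name: { naive: bool, hardened: bool } } for every sample.
function compare() {
  const table = {};
  for (const [name, cmd] of Object.entries(SAMPLES)) {
    table[name] = { naive: naivePreflight(cmd).allowed, hardened: hardenedPreflight(cmd).allowed };
  }
  return table;
}

console.table(compare());
```

Run with node: the naive check lets the piped, substitution, subshell and process-substitution forms through and stops only the direct invocation, while the hardened check refuses all of them and still passes the benign command. The general point holds whatever the real policy is: a deny check that matches only the shapes its author expected is a blocklist (CWE-184), so either enumerate every construct the shell can execute, or refuse what the parser cannot account for and send it down the approval path.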

Affected Products

Vendor     Product    Versions
openclaw   openclaw   0 (the CVE record's lower bound; per the description, all versions prior to commit 8aceaf5)

References

  • https://github.com/openclaw/openclaw/security/advisories/GHSA-fvx6-pj3r-5q4q (vendor advisory)
  • https://github.com/openclaw/openclaw/commit/8aceaf5d0f0ec552b75a792f7f0a3bfa5b091513 (patch)
  • https://www.vulncheck.com/advisories/openclaw-shell-bleed-protection-preflight-validation-bypass (third-party advisory)

Related News (5 articles)

  • [Tier C] VulDB, 2d ago: CVE-2026-34425 | OpenClaw validateScriptFileForShellBleed incomplete blacklist (GHSA-fvx6-pj3r-5q4q). No new info (linked only).
  • [Tier B] BSI Advisories, 3d ago: [UPDATE] [high] OpenClaw: Multiple vulnerabilities. No new info (linked only).
  • [Tier B] BSI Advisories, 4d ago: [NEW] [high] OpenClaw: Multiple vulnerabilities. No new info (linked only).
  • [Tier B] BSI Advisories, 4d ago: [UPDATE] [medium] OpenClaw: Multiple vulnerabilities. No new info (linked only).
  • [Tier B] BSI Advisories, 4d ago: [UPDATE] [high] OpenClaw: Multiple vulnerabilities. No new info (linked only).
CVSS 3.1: 5.4 (severity label on this page: NONE; a 5.4 base score falls in the Medium band of the CVSS 3.1 qualitative scale)
CISA KEV: No
Actively exploited: Yes
Patch available: commit 8aceaf5d0f0ec552b75a792f7f0a3bfa5b091513
CWE: CWE-184 (Incomplete List of Disallowed Inputs)
Published: Apr 2, 2026
Last enriched: 2d ago (v2)
Tags: privilege escalation, code execution, data disclosure, security bypass
Trending score: 34
Source articles: 5
Independent sources: 2
Info completeness: 7/14
Missing fields: versions, epss, kev, exploit, patch, iocs, mitre_attack


Related CVEs (5)

  • HIGH · CVE-2026-34511 · exploited · Trending: 37
    OpenClaw < 2026.4.2 - PKCE Verifier Exposure via OAuth State Parameter
  • NONE · CVE-2026-33579 · Trending: 36
    OpenClaw < 2026.3.28 - Privilege Escalation via Missing Caller Scope Validation in Device Pair Approval
  • CRITICAL · CVE-2026-28363 · Trending: 28
    In OpenClaw before 2026.2.23, tools.exec.safeBins validation for sort could be bypassed via GNU long-option abbreviations (such as --compress-prog) in allowlist mode, leading to approval-free executio
  • CRITICAL · CVE-2026-30741 · Trending: 28
    A remote code execution (RCE) vulnerability in OpenClaw Agent Platform v2026.2.6 allows attackers to execute arbitrary code via a Request-Side prompt injection attack.
  • NONE · CVE-2026-34426 · Trending: 18
    OpenClaw - Approval Bypass via Environment Variable Normalization


Verification

State: verified
Confidence: 100%

Vulnerability Timeline

  • CVE published: Apr 2, 2026
  • Discovered by ZDM: Apr 2, 2026
  • Updated (vendor, product): Apr 2, 2026
  • Actively exploited: Apr 3, 2026
  • Exploit available: Apr 3, 2026
  • Patch available: Apr 3, 2026

Version History

Current version: v2 (last enriched 2d ago)

v2 · Tier C · 2d ago · via VulDB
  Updated vendor and product information, changed severity to CRITICAL, and marked the vulnerability as actively exploited.
  Fields changed: vendor, product

v1 · 2d ago
  Initial creation