CVE-2026-27487: OpenClaw is a personal AI assistant. In versions 2026.2.13 and below, when using macOS, the Claude CLI keychain credenti
Summary
OpenClaw, a personal AI assistant, had a security flaw in versions 2026.2.13 and below on macOS where OAuth tokens (authentication credentials that prove you're logged in) could be used to inject malicious OS commands (commands that run at the operating system level) into the credential refresh process. An attacker could exploit this by crafting a specially designed token to execute arbitrary commands on the affected system.
Solution / Mitigation
Update to version 2026.2.14 or later. According to the source, 'This issue has been fixed in version 2026.2.14.'
Vulnerability Details
7.6 (high)
EPSS: 0.1%
Original source: https://nvd.nist.gov/vuln/detail/CVE-2026-27487
First tracked: February 21, 2026 at 07:07 AM