What is the severity of CVE-2026-27487?

CVE-2026-27487 has a CVSS v3 score of 8, which is classified as High severity.

Is there an exploit available for CVE-2026-27487?

No known public exploits are currently available for CVE-2026-27487.

Is there a patch available for CVE-2026-27487?

Yes, patches are available for CVE-2026-27487. Check the vendor advisories for update instructions.

CVE-2026-27487 - CVE Details, Severity, and Analysis

Q: What is CVE-2026-27487?

## Summary On macOS, the Claude CLI keychain credential refresh path constructed a shell command to write the updated JSON blob into Keychain via `security add-generic-password -w ...`. Because OAuth tokens are user-controlled data, this created an OS command injection risk. The fix avoids invoking a shell by using `execFileSync("security", argv)` and passing the updated keychain payload as a literal argument. ## Affected Packages / Versions - Package: `openclaw` (npm) - Platform: macOS only - Affected versions: ` = 2026.2.14` (next release) - Fix PR: #15924 - Fix commits (merged to `main`): - `9dce3d8bf83f13c067bc3c32291643d2f1f10a06` - `66d7178f2d6f9d60abad35797f97f3e61389b70c` - `b908388245764fb3586859f44d1dff5372b19caf` Thanks @aether-ai-agent for reporting.

Agentic AI · Pentesting

Ready for Agentic Automated Testing?

Deploy autonomous AI agents that reason, exploit, and validate complex vulnerability chains — not another scanner, an agentic system that thinks like a senior pentester.

Zero false positives

PoC for every finding

30+ tools orchestrated

Book a Demo Learn More

Setup in 5 minutesSOC 2 & ISO 27001

CVE-2026-27487 - CVE Details, Severity, and Analysis | Strobes VI

Severity Scores

CVSS v38.0

CVSS v20.0

Priority Score618.0

EPSS Score0.0

High

Exploitation LikelihoodMinimal

0.00%EPSS

Very low probability of exploitation

Monitor and patch as resources allow

0.00%

EPSS

8.0

CVSS

Exploit

Yes

Patch

Low Priority

no major risk factors

EPSS predicts the probability of exploitation in the next 30 days based on real-world threat data, complementing CVSS severity scores with actual risk assessment.

Description

Summary

On macOS, the Claude CLI keychain credential refresh path constructed a shell command to write the updated JSON blob into Keychain via security add-generic-password -w .... Because OAuth tokens are user-controlled data, this created an OS command injection risk.

The fix avoids invoking a shell by using execFileSync("security", argv) and passing the updated keychain payload as a literal argument.

Affected Packages / Versions

Package: openclaw (npm)
Platform: macOS only
Affected versions: <= 2026.2.13

Fix

Patched version: >= 2026.2.14 (next release)
Fix PR: #15924
Fix commits (merged to main):
- 9dce3d8bf83f13c067bc3c32291643d2f1f10a06
- 66d7178f2d6f9d60abad35797f97f3e61389b70c
- b908388245764fb3586859f44d1dff5372b19caf

Thanks @aether-ai-agent for reporting.

CVSS v3 Breakdown

Attack Vector:Network

Attack Complexity:Local

Privileges Required:Local

User Interaction:Required

Scope:Unchanged

Confidentiality:High

Integrity:High

Availability:High

Patch References

Github.com Github.com Github.com

Trend Analysis

Neutral

Vulnerable Products

Vendor	Product
Openclaw	Openclaw
Apple