CVE-2026-28391

Summary

OpenClaw versions prior to 2026.2.2 fail to properly validate Windows cmd.exe metacharacters in allowlist-gated exec requests (non-default configuration), allowing attackers to bypass command approval restrictions. Remote attackers can craft command strings with shell metacharacters like & or %…% to execute unapproved commands beyond the allowlisted operations.

Affected Software

VendorProductVersion RangeStatus
OpenClawOpenClaw0 < 2026.2.2affected

Weaknesses

  • Incomplete List of Disallowed Inputs

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

References