CVE-2026-28391

OpenClaw · OpenClaw

OpenClaw prior to 2026.2.2 is vulnerable to command injection because it fails to sanitize Windows cmd.exe metacharacters, allowing attackers to bypass command approval restrictions.

Executive summary

A critical command injection vulnerability in OpenClaw (versions prior to 2026.2.2, on Windows hosts) allows a remote attacker to bypass the command allowlist and run unapproved shell commands by embedding cmd.exe metacharacters in an otherwise approved exec request.

Vulnerability

This vulnerability stems from improper input validation of Windows cmd.exe metacharacters (such as & or %) within allowlist-gated exec requests. The approval check and cmd.exe do not parse the same way: to cmd.exe, & (and &&, ||, |) separates or chains commands, and %VAR% is expanded before the line is parsed at all. A remote attacker can therefore submit a command string that satisfies the allowlist as written but that cmd.exe interprets as the approved command followed by arbitrary additional commands, executed with the privileges of the OpenClaw process.
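The bypass class described above, as an added example in JavaScript; this is not OpenClaw's code, and the allowlist contents, the request strings and the simplified cmd.exe parsing model are constructed for illustration. It contrasts a gate that approves on the first token (the vulnerable pattern) with one that refuses the whole request if any cmd.exe metacharacter is present, and shows what cmd.exe would actually run.

```javascript
// Added example (not OpenClaw's code): why a first-token allowlist is not a
// command allowlist once the string reaches cmd.exe, and a gate that rejects
// metacharacters instead. Allowlist contents and inputs are constructed.

// Characters cmd.exe interprets even when the first token is approved:
//   & && | ||   separate or chain commands (a second command runs)
//   < >         redirect input/output (read or overwrite files)
//   % !         expand environment variables (%VAR%, !VAR! with delayed expansion)
//   ^           escape character (hides any of the above from naive filters)
//   "           changes how the rest of the line is tokenised
//   \r \n       end the command; the next line is parsed as a new one
const CMD_METACHARS = /[&|<>%!^"\r\n]/;

// Approved executables for the example (constructed).
const ALLOWLIST = new Set(["dir", "type"]);

// VULNERABLE pattern: approve on the first whitespace-separated token, then hand
// the whole string to cmd.exe /c, which re-parses it on its own terms.
function approveNaive(cmdline) {
  const first = cmdline.trim().split(/\s+/)[0].toLowerCase();
  return ALLOWLIST.has(first);
}

// HARDENED gate: same allowlist, but refuse any string containing a metacharacter.
// Reject rather than strip, so the operator sees exactly what was asked for and
// there is no rewriting step for an attacker to game.
function approveHardened(cmdline) {
  if (CMD_METACHARS.test(cmdline)) return false;
  return approveNaive(cmdline);
}

// Simplified model of how cmd.exe splits one line into commands: & and | outside
// double quotes separate commands, ^ makes the next character literal. Real cmd.exe
// also expands %VAR% before this step, so this model under-reports, never over-reports.
function cmdSegments(cmdline) {
  const segments = [];
  let current = "";
  let inQuote = false;
  for (let i = 0; i < cmdline.length; i++) {
    const c = cmdline[i];
    if (c === '"') { inQuote = !inQuote; current += c; continue; }
    if (c === "^" && !inQuote && i + 1 < cmdline.length) { current += cmdline[++i]; continue; }
    if (!inQuote && (c === "&" || c === "|")) {
      if (cmdline[i + 1] === c) i++;            // && or ||
      segments.push(current.trim());
      current = "";
      continue;
    }
    current += c;
  }
  segments.push(current.trim());
  return segments.filter((s) => s.length > 0);
}

// Run both gates on a request and show what cmd.exe would execute.
function evaluate(cmdline) {
  return {
    naive: approveNaive(cmdline),
    hardened: approveHardened(cmdline),
    runs: cmdSegments(cmdline),
  };
}

if (typeof require !== "undefined" && require.main === module) {
  for (const req of ["dir C:\\logs", "dir C:\\logs & whoami", "dir %TEMP%", 'type "C:\\a & b.txt"']) {
    console.log(JSON.stringify(req), evaluate(req));
  }
}
```

The hardened gate is deliberately strict: a quoted path such as `type "C:\a & b.txt"` is refused even though the quotes would keep cmd.exe from splitting it. If legitimate requests need quoting or spaces in arguments, the durable fix is to stop routing approved commands through cmd.exe at all and spawn the approved executable with an argument array (`child_process.spawn` with `shell: false` in Node), keeping the metacharacter check as defence in depth. Batch files (`.bat`/`.cmd`) always run via cmd.exe and cannot be made safe this way; keep them off the allowlist.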

Business impact

A successful exploit allows an attacker to circumvent all command approval restrictions and execute arbitrary commands with the privileges of the OpenClaw process; where the service runs as an administrator or SYSTEM, that is full control of the host. This can result in unauthorized data access, system disruption, and the deployment of malware. The CVSS score of 9.8 indicates a critical, remotely exploitable threat requiring minimal attacker effort.

Remediation

Immediate Action: Update OpenClaw to version 2026.2.2 or later, which adds proper handling of cmd.exe metacharacters in allowlist-gated exec requests.

Proactive Monitoring: Review process-creation records for commands issued by the OpenClaw service whose arguments contain shell metacharacters (&, |, <, >, %, !, ^), and for child processes the service is not expected to spawn. On Windows, Sysmon Event ID 1 or Security event 4688 (with command-line logging enabled) records both the child image and its full command line, which is what this review needs.
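One way to carry out that review, as an added example in JavaScript that is not part of the advisory or of OpenClaw: it walks process-creation events shaped like Sysmon Event ID 1 (UtcTime, ParentImage, Image, CommandLine) and raises an alert when the service spawns a child it should not, or when a `cmd.exe /c` payload issued by the service contains metacharacters. The service binary name, the expected child set and all sample events are constructed assumptions to be tuned to the real deployment.

```javascript
// Added example (not OpenClaw's code): triage process-creation events for
// children of the OpenClaw service. Field names follow Sysmon Event ID 1;
// the sample events are constructed.

// Assumptions to tune per deployment: the service binary name, and the child
// images it is expected to spawn.
const SERVICE_IMAGE = /\\openclaw\.exe$/i;
const EXPECTED_CHILDREN = new Set(["cmd.exe"]);

// Metacharacters worth flagging in a cmd.exe /c payload. Double quotes are left
// out here: they are routine in Windows paths and would drown the signal.
const DETECT_METACHARS = /[&|<>%!^]/;

// Constructed events: one benign command, one injected command, one unexpected
// child, one cmd.exe not spawned by the service, one quoted path (benign).
const SAMPLE_EVENTS = [
  { UtcTime: "2026-02-03 10:00:01.000", ParentImage: "C:\\Program Files\\OpenClaw\\openclaw.exe",
    Image: "C:\\Windows\\System32\\cmd.exe", CommandLine: "cmd.exe /c dir C:\\logs" },
  { UtcTime: "2026-02-03 10:00:02.000", ParentImage: "C:\\Program Files\\OpenClaw\\openclaw.exe",
    Image: "C:\\Windows\\System32\\cmd.exe", CommandLine: "cmd.exe /c dir C:\\logs & whoami" },
  { UtcTime: "2026-02-03 10:00:03.000", ParentImage: "C:\\Program Files\\OpenClaw\\openclaw.exe",
    Image: "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
    CommandLine: "powershell.exe -NoProfile -Command Get-Process" },
  { UtcTime: "2026-02-03 10:00:04.000", ParentImage: "C:\\Windows\\explorer.exe",
    Image: "C:\\Windows\\System32\\cmd.exe", CommandLine: "cmd.exe /c dir & whoami" },
  { UtcTime: "2026-02-03 10:00:05.000", ParentImage: "C:\\Program Files\\OpenClaw\\openclaw.exe",
    Image: "C:\\Windows\\System32\\cmd.exe",
    CommandLine: '"C:\\Windows\\System32\\cmd.exe" /c type "C:\\Program Files\\OpenClaw\\config.json"' },
];

function baseName(path) {
  return path.split(/[\\/]/).pop().toLowerCase();
}

// Return what cmd.exe was asked to run (the text after /c), or null if the
// command line is not a "cmd /c ..." invocation. Tolerates a quoted full path
// to cmd.exe and switches such as /q before /c.
function shellPayload(cmdline) {
  const m = /^\s*"?[^"\s]*cmd(?:\.exe)?"?\s+(?:\/[a-z]\s+)*\/c\s+(.*)$/i.exec(cmdline);
  return m ? m[1] : null;
}

// Alerts in event order: "medium" for an unexpected child image, "high" for a
// service-issued cmd.exe payload that carries metacharacters.
function triage(events) {
  const alerts = [];
  for (const ev of events) {
    if (!SERVICE_IMAGE.test(ev.ParentImage)) continue;      // only the service's children
    const child = baseName(ev.Image);
    if (!EXPECTED_CHILDREN.has(child)) {
      alerts.push({ time: ev.UtcTime, severity: "medium",
                    reason: `unexpected child process ${child}`, command: ev.CommandLine });
      continue;
    }
    const payload = shellPayload(ev.CommandLine);
    if (payload !== null && DETECT_METACHARS.test(payload)) {
      alerts.push({ time: ev.UtcTime, severity: "high",
                    reason: "cmd.exe metacharacters in a service-issued command", command: payload });
    }
  }
  return alerts;
}

if (typeof require !== "undefined" && require.main === module) {
  console.table(triage(SAMPLE_EVENTS));
}
```

Parent-image matching is the weak point of this rule: it catches only direct children of the service, so a command that launches a second shell will show up as a child of cmd.exe, not of OpenClaw. Correlating on ParentProcessId/ProcessGuid across the whole tree, or using a SIEM that materialises process ancestry, closes that gap.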

Compensating Controls: Until the patch is applied, place a Web Application Firewall (WAF) with shell-injection rules in front of the OpenClaw endpoint that accepts exec requests. Treat this as a stopgap only: it helps solely where the requests actually traverse the WAF, and rules keyed on shell metacharacters will also match legitimate command text, so expect to tune for false positives.

Exploitation status

Public Exploit Available: false

Analyst recommendation

The ability to bypass allowlists via simple metacharacters represents a significant failure in security controls, since the approval gate did not parse requests the way the shell that executed them did. It is recommended to apply the vendor-provided patch immediately. Furthermore, run the service under a dedicated low-privilege account rather than as SYSTEM or an administrator, so that any command execution that does slip past the gate is limited to what that account can reach.