CVE-2026-28470
OpenClaw · Multiple Products
OpenClaw contains an allowlist bypass vulnerability in its execution approval feature, allowing attackers to execute arbitrary commands via command substitution syntax.
Executive summary
A critical command injection vulnerability in OpenClaw allows attackers to bypass security allowlists and execute arbitrary code on the underlying system.
Vulnerability
The vulnerability is located in the execution approval mechanism, which fails to properly validate the command line it approves. An unauthenticated attacker can embed command substitution syntax, such as $() or backticks, within double-quoted strings; because a POSIX shell still performs command substitution inside double quotes (only single quotes make their contents literal), the embedded command runs, bypassing the established security allowlists and executing unauthorized system commands.
Business impact
Successful exploitation allows for full Remote Code Execution (RCE) on the host system, granting an attacker the ability to steal data, deploy malware, or pivot deeper into the corporate network. With a CVSS score of 9.8, this represents a critical threat to system availability and data confidentiality, requiring immediate remediation.
Remediation
Immediate Action: Update to version 2026.2.2 or later to patch the command injection vulnerability.
Proactive Monitoring: Review system execution logs for unusual command patterns or unauthorized processes spawned by the OpenClaw service.
Compensating Controls: Run the service under the principle of least privilege to limit the impact if RCE is achieved, and use WAF rules to detect and drop common command injection payloads.
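The following is an added illustration, not OpenClaw's own code, of the weakness class described in the Vulnerability section and of the log review recommended above. It contrasts a naive "allowlist the first word, then hand the line to a shell" check, which accepts echo "$(id)", with a quote-aware check that refuses any construct a POSIX shell would still act on and returns an argv for execution without a shell. The allowlist, the function names and the "<timestamp> approved cmd=<line>" log format are assumptions made for the example; the log lines are constructed.

```python
# Added example (not OpenClaw's own code): a quote-aware approval check for
# the bypass class in this advisory, plus a scan of constructed approval-log
# lines. The allowlist, function names and log format are assumptions.
import shlex

ALLOWLIST = {"ls", "cat", "echo"}  # hypothetical set of approved programs

# Characters that, when unquoted, let a shell chain or redirect commands.
UNQUOTED_METACHARS = set(";|&<>()\n")


def naive_is_allowed(cmdline: str) -> bool:
    """The weak pattern: compare only the first word with the allowlist and
    then hand the whole line to a shell. echo "$(id)" passes this check."""
    words = cmdline.split()
    return bool(words) and words[0] in ALLOWLIST


def find_unsafe(cmdline: str):
    """Return (offset, kind) of the first construct a POSIX shell would still
    act on, or None. Quoting rules applied:
      - inside single quotes nothing expands
      - inside double quotes $(...), ${...} and `...` still expand
      - a backslash outside single quotes escapes the next character
    """
    in_single = in_double = False
    i, n = 0, len(cmdline)
    while i < n:
        c = cmdline[i]
        if in_single:
            if c == "'":
                in_single = False
        elif c == "\\" and i + 1 < n:
            i += 1                      # escaped character: skip it
        elif c == "'" and not in_double:
            in_single = True
        elif c == '"':
            in_double = not in_double
        elif c == "`":
            return (i, "backtick substitution")
        elif c == "$" and i + 1 < n and cmdline[i + 1] in "({":
            return (i, "$" + cmdline[i + 1] + " substitution")
        elif c in UNQUOTED_METACHARS and not in_double:
            return (i, "unquoted metacharacter " + repr(c))
        i += 1
    return None


def approve(cmdline: str):
    """Hardened approval: refuse any live expansion or metacharacter, parse
    the line into argv, check the program name, and return argv for execution
    without a shell (e.g. subprocess.run(argv, shell=False))."""
    if find_unsafe(cmdline) is not None:
        return None
    try:
        argv = shlex.split(cmdline)
    except ValueError:                  # unbalanced quotes
        return None
    if not argv or argv[0] not in ALLOWLIST:
        return None
    return argv


# Constructed approval-log lines in an assumed "<ts> approved cmd=<line>" form.
SAMPLE_LOG = """\
2026-02-10T10:00:01Z approved cmd=ls -la /srv/data
2026-02-10T10:00:07Z approved cmd=echo "$(id)"
2026-02-10T10:00:09Z approved cmd=echo 'literal $(id) text'
2026-02-10T10:00:12Z approved cmd=cat /etc/hostname; id
"""


def scan_log(text: str):
    """Return (line_number, kind) for each approved command containing a
    construct the shell would still act on: what the naive check let through."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), 1):
        _, _, cmd = line.partition(" cmd=")
        hit = find_unsafe(cmd) if cmd else None
        if hit:
            hits.append((lineno, hit[1]))
    return hits


if __name__ == "__main__":
    for cmd in ['echo "$(id)"', "echo 'hello world'"]:
        print(cmd, "| naive:", naive_is_allowed(cmd), "| hardened:", approve(cmd))
    print(scan_log(SAMPLE_LOG))
```

The design point is that string filtering alone is fragile; the durable fix is to never route approved commands through a shell at all, executing the parsed argv directly so that quotes, $() and backticks are ordinary argument bytes rather than syntax.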
Exploitation status
Public Exploit Available: No
Analyst recommendation
The risk of Remote Code Execution makes this vulnerability a high-priority item. Organizations should verify their current version and update to 2026.2.2 immediately to neutralize the threat of arbitrary command execution.