CVE-2026-28463
MEDIUM WAF: High
CVSS 5.5
Published: 2026-03-05
CWE-78
OpenClaw exec-approvals allowlist validation checks pre-expansion argv tokens but execution uses real shell expansion, allowing safe bins like head, tail, or grep to read arbitrary local files via glob patterns or environment variables. Authorized callers or prompt-injection attacks can exploit this to disclose files readable by the gateway or node process when host execution is enabled in allowlist mode.
WAF Coverage Analysis
OS Command Injection
High WAF Coverage
OWASP: A03:2021 Injection
932xxx - Remote Code Execution
Affected Software
| Vendor | Product | Version |
|---|---|---|
| openclaw | openclaw | up to 2026.2.14 |
References
- github.com (Patch)
- github.com (Vendor Advisory, Patch)
- www.vulncheck.com (Third Party Advisory)