OpenClaw Gateway: Authentication Bypass via Unsanitized Parameters
CVE-2026-28466
GHSA-gv46-4xfq-jv58
Summary
Authenticated users can execute arbitrary commands on connected nodes by manipulating approval fields in OpenClaw Gateway versions prior to 2026.2.14. This allows attackers to potentially compromise nodes and developer workstations. Update to version 2026.2.14 or later to fix this issue.
What to do
- Update steipete/openclaw to version 2026.2.14 or later.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| steipete | openclaw | <= 2026.2.14 | 2026.2.14 |
| openclaw | openclaw | <= 2026.2.14 | – |
Original title
OpenClaw versions prior to 2026.2.14 contain a vulnerability in the gateway in which it fails to sanitize internal approval fields in node.invoke parameters, allowing authenticated clients to bypas...
Original description
OpenClaw versions prior to 2026.2.14 contain a vulnerability in the gateway in which it fails to sanitize internal approval fields in node.invoke parameters, allowing authenticated clients to bypass exec approval gating for system.run commands. Attackers with valid gateway credentials can inject approval control fields to execute arbitrary commands on connected node hosts, potentially compromising developer workstations and CI runners.
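The approval-field injection the description above refers to, shown as an added example that is not OpenClaw's own code: a vulnerable gate that merges client-supplied `node.invoke` params into the object it later inspects for approval, beside a hardened gate that copies only allowlisted client fields and decides approval solely from server-side state. The field names (`approved`, `approvalId`), the allowlist and the function names are assumptions for illustration, not the project's real identifiers.

```typescript
// Added example (not OpenClaw's own code): the exec-approval gating pattern this
// advisory describes, in a vulnerable form beside a hardened one. Field names
// ("approved", "approvalId") and the allowlist are assumptions for illustration.

export interface NodeInvokeRequest {
  node: string;
  command: string; // e.g. "system.run"
  params: Record<string, unknown>; // untrusted: supplied by the gateway client
}

export interface GateResult {
  ok: boolean;
  reason?: string;
  invocation?: Record<string, unknown>;
}

// Server-side record of approval ids granted through the operator approval flow.
export type ApprovalStore = Set<string>;

// VULNERABLE: client params are spread into the invocation, and the approval
// decision is then read back from that merged object. Any key the client sends
// (including "approved") lands in the object the gate inspects.
export function gateVulnerable(req: NodeInvokeRequest, approvalId: string | null, store: ApprovalStore): GateResult {
  const invocation: Record<string, unknown> = { node: req.node, command: req.command, ...req.params };
  if (approvalId !== null && store.has(approvalId)) invocation.approved = true;
  if (req.command === "system.run" && invocation.approved !== true) {
    return { ok: false, reason: "approval required" };
  }
  return { ok: true, invocation };
}

// Only these client-supplied keys reach the node for system.run; everything else is dropped.
const CLIENT_PARAM_ALLOWLIST: Record<string, ReadonlySet<string>> = {
  "system.run": new Set(["argv", "cwd", "timeoutMs"]),
};

// HARDENED: client input is copied through an allowlist into a fresh params
// object, and approval is decided only from the server-side store, never from req.params.
export function gateHardened(req: NodeInvokeRequest, approvalId: string | null, store: ApprovalStore): GateResult {
  const allowed = CLIENT_PARAM_ALLOWLIST[req.command];
  if (!allowed) return { ok: false, reason: `unknown command ${req.command}` };
  const params: Record<string, unknown> = {};
  for (const [k, v] of Object.entries(req.params)) if (allowed.has(k)) params[k] = v;
  const approved = approvalId !== null && store.has(approvalId);
  if (!approved) return { ok: false, reason: "approval required" };
  return { ok: true, invocation: { node: req.node, command: req.command, params, approved } };
}
```

The same allowlist-then-decide shape applies to any internal control field a gateway carries alongside client input: build the trusted object from scratch rather than filtering the untrusted one.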
Severity
- NVD CVSS 3.1: 9.9
- NVD CVSS 4.0: 9.4
Vulnerability type
- CWE-863: Incorrect Authorization
- CWE-20: Improper Input Validation
- CWE-441: Unintended Proxy or Intermediary ('Confused Deputy')
References
- https://github.com/openclaw/openclaw/security/advisories/GHSA-gv46-4xfq-jv58
- https://www.vulncheck.com/advisories/openclaw-remote-code-execution-via-node-inv...
- https://nvd.nist.gov/vuln/detail/CVE-2026-28466
- https://github.com/advisories/GHSA-gv46-4xfq-jv58
- https://github.com/openclaw/openclaw/commit/0af76f5f0e93540efbdf054895216c398692...
- https://github.com/openclaw/openclaw/commit/318379cdb8d045da0009b0051bd0e712e5c6...
- https://github.com/openclaw/openclaw/commit/a7af646fdab124a7536998db6bd6ad567d2b...
- https://github.com/openclaw/openclaw/commit/c1594627421f95b6bc4ad7c606657dc75b5a...
Published: 5 Mar 2026 · Updated: 13 Mar 2026 · First seen: 6 Mar 2026