OpenClaw versions prior to 2026.2.2 allow unauthorized command execution
CVE-2026-28470 · GHSA-3hcm-ggvf-rch5 · Score: 9.2
Summary
OpenClaw versions before 2026.2.2, when used without a security setting enabled, allow attackers to run unauthorized system commands, potentially giving them access to sensitive data or control of the system. This can happen if an attacker can inject specific characters into a command. Update to OpenClaw 2026.2.2 or later to fix this issue.
What to do
- Update steipete/openclaw to version 2026.2.2 or later.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| steipete | openclaw | <= 2026.2.2 | 2026.2.2 |
| openclaw | openclaw | <= 2026.2.2 | – |
Original title
OpenClaw versions prior to 2026.2.2 contain an exec approvals (must be enabled) allowlist bypass vulnerability that allows attackers to execute arbitrary commands by injecting command substitution ...
Original description
OpenClaw versions prior to 2026.2.2 contain an exec approvals (must be enabled) allowlist bypass vulnerability that allows attackers to execute arbitrary commands by injecting command substitution syntax. Attackers can bypass the allowlist protection by embedding unescaped $() or backticks inside double-quoted strings to execute unauthorized commands.
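The description above says the allowlist is bypassed by hiding `$()` or backticks inside a double-quoted argument. The following Python is an added illustration written for this page; it is not OpenClaw's exec-approvals code and is not derived from the referenced fix commit. It shows why a first-word allowlist alone is insufficient and how a pre-check that understands POSIX quoting rejects unescaped command substitution while still accepting single-quoted or backslash-escaped text. The allowlist contents and command strings are constructed samples.

```python
# Added example (not OpenClaw's implementation): an exec-approvals style
# allowlist that also rejects shell command substitution, including
# substitution hidden inside double-quoted strings.
import shlex


def contains_command_substitution(cmd: str) -> bool:
    """Return True if cmd contains an unescaped $( or backtick that a POSIX
    shell would expand.

    Single-quoted text is inert. Inside double quotes, $ and ` still expand
    unless preceded by a backslash, which is exactly the case the advisory
    describes. ${...} parameter expansion is out of scope here.
    """
    in_single = False
    in_double = False
    i = 0
    n = len(cmd)
    while i < n:
        c = cmd[i]
        if in_single:
            if c == "'":
                in_single = False
            i += 1
            continue
        if c == "\\":
            # Outside single quotes a backslash protects the next character;
            # within double quotes it protects $ ` " \ and newline, which
            # covers both substitution forms we are looking for.
            i += 2
            continue
        if c == '"':
            in_double = not in_double
        elif c == "'" and not in_double:
            in_single = True
        elif c == "`":
            return True
        elif c == "$" and i + 1 < n and cmd[i + 1] == "(":
            return True  # also catches $(( arithmetic ))
        i += 1
    return False


def is_allowed(cmd: str, allowlist: set, block_substitution: bool = True) -> bool:
    """Approve cmd only if its first word is allowlisted.

    block_substitution=False mimics a naive first-token allowlist;
    block_substitution=True additionally rejects any command substitution
    anywhere in the string, which is the hardened behaviour.
    """
    try:
        argv = shlex.split(cmd)
    except ValueError:
        return False  # unbalanced quotes: refuse rather than guess
    if not argv or argv[0] not in allowlist:
        return False
    if block_substitution and contains_command_substitution(cmd):
        return False
    return True


# Constructed allowlist and sample commands for the demonstration.
ALLOWLIST = {"echo", "ls"}
SAMPLES = [
    "echo hello",          # benign
    'echo "$(id)"',        # substitution inside double quotes
    "echo `id`",           # backtick substitution
    "echo '$(id)'",        # single quotes: literal, no expansion
    'echo "\\$(id)"',      # escaped $ inside double quotes: literal
    "id",                  # first word not allowlisted
]

if __name__ == "__main__":
    for cmd in SAMPLES:
        naive = is_allowed(cmd, ALLOWLIST, block_substitution=False)
        hardened = is_allowed(cmd, ALLOWLIST)
        print(f"{cmd!r:22} naive={naive!s:5} hardened={hardened}")
```

The naive check approves `echo "$(id)"` because the first token really is `echo`; the shell then expands `$(id)` before `echo` ever runs. The stronger mitigation is to avoid handing approved commands to a shell at all and to execute an argv array directly, at which point quoting and substitution syntax carry no meaning; the scanner above is a defence-in-depth check for cases where a shell string must be accepted.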
NVD CVSS 3.1: 9.8
NVD CVSS 4.0: 9.2
Vulnerability type
- CWE-88
- CWE-78: OS Command Injection
- https://github.com/openclaw/openclaw/commit/d1ecb46076145deb188abcba8f0699709ea1...
- https://github.com/openclaw/openclaw/security/advisories/GHSA-3hcm-ggvf-rch5
- https://www.vulncheck.com/advisories/openclaw-exec-allowlist-bypass-via-command-...
- https://github.com/openclaw/openclaw/releases/tag/v2026.2.2
- https://nvd.nist.gov/vuln/detail/CVE-2026-28470
- https://github.com/advisories/GHSA-3hcm-ggvf-rch5
Published: 5 Mar 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026