CVE-2026-28391

CRITICAL 9.8

OpenClaw < 2026.2.2 - Command Injection via cmd.exe Parsing Bypass in Allowlist Enforcement

CVSS Score

9.8

EPSS Score

0.0%

EPSS Percentile

0th

OpenClaw versions prior to 2026.2.2 fail to properly validate Windows cmd.exe metacharacters in allowlist-gated exec requests (non-default configuration), allowing attackers to bypass command approval restrictions. Remote attackers can craft command strings with shell metacharacters like & or %...% to execute unapproved commands beyond the allowlisted operations.

Vendor	openclaw
Product	openclaw
Published	Mar 5, 2026
Last Updated	Mar 10, 2026

Stay Ahead of the Next One

Get instant alerts for openclaw openclaw

Be the first to know when new critical vulnerabilities affecting openclaw openclaw are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Affected Versions

OpenClaw / OpenClaw

0 < 2026.2.2

References

NVD ↗ CVE.org ↗ EPSS Data ↗

github.com: https://github.com/openclaw/openclaw/security/advisories/GHSA-qj77-c3c8-9c3q github.com: https://github.com/openclaw/openclaw/commit/a7f4a53ce80c98ba1452eb90802d447fca9bf3d6 vulncheck.com: https://www.vulncheck.com/advisories/openclaw-command-injection-via-cmdexe-parsing-bypass-in-allowlist-enforcement

Credits

🔍 Petr Simecek (@simecek) Stanislav Fort, Aisle Research, www.aisle.com