
Description

OpenClaw's exec-approvals allowlist validates the pre-expansion argv tokens of a command, but execution then uses real shell expansion, so "safe" binaries such as head, tail, or grep can read arbitrary local files via glob patterns or environment variables. Authorized callers or prompt-injection attacks can exploit this to disclose any file readable by the gateway or node process when host execution is enabled in allowlist mode.
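The check-versus-execution mismatch described above, as an added illustration (not OpenClaw's code; the "safe bins", path policy and function names are hypothetical): the naive allowlist approves a token the shell will later rewrite, while the hardened version rejects expansion characters and hands the approved argv to execFile without a shell.

```javascript
// Added example, not OpenClaw's code: validating unexpanded argv tokens
// is not enough when the command is later handed to a shell. Names and
// policy values are constructed for illustration.
const SAFE_BINS = new Set(['head', 'tail', 'grep']);
const ALLOWED_PREFIX = '/var/log/app/';

// Characters a POSIX shell expands or substitutes before the program runs.
// A token containing any of them does not name the file that will be read.
const SHELL_EXPANSION = /[*?\[\]{}$`~]/;

function isFlag(token) {
  return token.startsWith('-');
}

// Vulnerable pattern: every literal token looks acceptable, so the command
// is approved. If it is then run through a shell (exec, sh -c, or spawn
// with shell:true), globs and $VARS are resolved after this check ran.
function naiveAllow(argv) {
  if (!SAFE_BINS.has(argv[0])) return false;
  return argv.slice(1).every(t => isFlag(t) || t.startsWith(ALLOWED_PREFIX));
}

// Hardened pattern: reject any token a shell would rewrite, and only ever
// execute the approved argv without a shell, so the tokens that were
// checked are exactly the tokens that run.
function hardenedAllow(argv) {
  if (!SAFE_BINS.has(argv[0])) return false;
  return argv.slice(1).every(t =>
    !SHELL_EXPANSION.test(t) && (isFlag(t) || t.startsWith(ALLOWED_PREFIX)));
}

// Execution plan for child_process.execFile: argv is passed as an array,
// never joined into a command string, and shell stays disabled.
function executionPlan(argv) {
  if (!hardenedAllow(argv)) return null;
  return { file: argv[0], args: argv.slice(1), options: { shell: false } };
}
```

Running the plan with `require('child_process').execFile(plan.file, plan.args, plan.options, cb)` keeps the approved tokens and the executed tokens identical.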

PUBLISHED | Reserved 2026-02-27 | Published 2026-03-05 | Updated 2026-03-05 | Assigner VulnCheck

HIGH: 8.6 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
HIGH: 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Problem types

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Product status

Default status
unaffected

Any version before 2026.2.14
affected

References

github.com/...enclaw/security/advisories/GHSA-xvhf-x56f-2hpp (GitHub Security Advisory (GHSA-xvhf-x56f-2hpp)) vendor-advisory

github.com/...ommit/77b89719d5b7e271f48b6f49e334a8b991468c3b (Patch Commit) patch

www.vulncheck.com/...-shell-expansion-in-safe-bins-allowlist (VulnCheck Advisory: OpenClaw < 2026.2.14 - Arbitrary File Read via Shell Expansion in Safe Bins Allowlist) third-party-advisory

cve.org (CVE-2026-28463)

nvd.nist.gov (CVE-2026-28463)
