CVE-2026-28391

CRITICAL LAB

OpenClaw <2026.2.2 - Command Injection

Title source: llm

Description

OpenClaw versions prior to 2026.2.2 fail to properly validate Windows cmd.exe metacharacters in allowlist-gated exec requests (non-default configuration), allowing attackers to bypass command approval restrictions. Remote attackers can craft command strings with shell metacharacters like & or %...% to execute unapproved commands beyond the allowlisted operations.

Exploits (1)

github WORKING POC 1 stars

by exploitintel · cpoc

https://github.com/exploitintel/eip-pocs-and-cves/tree/main/CVE-2026-28391

View Code ZIP pw:eip

References (3)

[Patch] https://github.com/openclaw/openclaw/commit/a7f4a53ce80c98ba1452eb90802d447fca9bf3d6

View Patch ZIP pw:eip

[Vendor Advisory] https://github.com/openclaw/openclaw/security/advisories/GHSA-qj77-c3c8-9c3q

[Third Party Advisory] https://www.vulncheck.com/advisories/openclaw-command-injection-via-cmdexe-parsing-bypass-in-allowlist-enforcement

Scores

CVSS v3 9.8

EPSS 0.0005

EPSS Percentile 14.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Lab Environment

Lab screenshot

vulnerable

docker pull ghcr.io/exploitintel/cve-2026-28391-vulnerable:latest

All Labs GitHub

Classification

CWE

CWE-184

Status draft

Timeline

Published Mar 05, 2026

Tracked Since Mar 06, 2026