CVE-2026-28391

CRITICAL LAB

OpenClaw <2026.2.2 - Command Injection

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2026-28391. PoCs published by exploitintel.

AI-analyzed exploit summary This repository contains a functional proof-of-concept exploit for CVE-2026-28391, demonstrating a command injection vulnerability in OpenClaw <= 2026.2.1 due to improper handling of Windows cmd.exe parsing behavior. The PoC includes multiple exploit vectors and a Docker-based lab environment for testing.

Description

OpenClaw versions prior to 2026.2.2 fail to properly validate Windows cmd.exe metacharacters in allowlist-gated exec requests (non-default configuration), allowing attackers to bypass command approval restrictions. Remote attackers can craft command strings with shell metacharacters like & or %...% to execute unapproved commands beyond the allowlisted operations.

Exploits (1)

github WORKING POC 1 stars

by exploitintel · cpoc

https://github.com/exploitintel/eip-pocs-and-cves/tree/main/CVE-2026-28391

View Code ZIP pw:eip

This repository contains a functional proof-of-concept exploit for CVE-2026-28391, demonstrating a command injection vulnerability in OpenClaw <= 2026.2.1 due to improper handling of Windows cmd.exe parsing behavior. The PoC includes multiple exploit vectors and a Docker-based lab environment for testing.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: OpenClaw <= 2026.2.1

Auth required

Prerequisites: OpenClaw in allowlist mode · Windows cmd.exe parsing environment (emulated via Wine in this lab)

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter T1203 - Exploitation for Client Execution

devstral-2 · analyzed Mar 08, 2026 Full analysis →

References (3)

Core 3

Core References

Vendor Advisory vendor-advisory

https://github.com/openclaw/openclaw/security/advisories/GHSA-qj77-c3c8-9c3q

Patch patch

https://github.com/openclaw/openclaw/commit/a7f4a53ce80c98ba1452eb90802d447fca9bf3d6

View Patch ZIP pw:eip

Third Party Advisory third-party-advisory

https://www.vulncheck.com/advisories/openclaw-command-injection-via-cmdexe-parsing-bypass-in-allowlist-enforcement

Related Analysis

OpenClaw Command Injection

Scores

CVSS v3 9.8

EPSS 0.0008

EPSS Percentile 24.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact total

Lab Environment

EIP LAB

vulnerable docker pull ghcr.io/exploitintel/cve-2026-28391-vulnerable:latest

View in Library GitHub

Details

CWE

CWE-78

Status published

Products (2)

npm/openclaw 0 - 2026.2.2npm

openclaw/openclaw < 2026.2.2

Published Mar 05, 2026

Tracked Since Mar 06, 2026