CVE-2026-28391
📋 TL;DR
OpenClaw versions before 2026.2.2 have a command injection vulnerability where attackers can bypass allowlist restrictions by using Windows cmd.exe metacharacters like & or %...%. This allows remote execution of unapproved commands beyond the intended allowlisted operations. Systems running vulnerable OpenClaw versions are affected.
💻 Affected Systems
- OpenClaw
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Full system compromise via arbitrary command execution with the privileges of the OpenClaw process, potentially leading to data theft, ransomware deployment, or complete system takeover.
Likely Case
Unauthorized command execution allowing privilege escalation, lateral movement, or data exfiltration depending on OpenClaw's permissions and network position.
If Mitigated
Limited impact if OpenClaw runs with minimal privileges, network segmentation restricts access, and proper input validation is implemented.
🎯 Exploit Status
Exploitation requires network access to OpenClaw's command execution interface. The vulnerability is in allowlist enforcement logic, not authentication.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 2026.2.2
Vendor Advisory: https://github.com/openclaw/openclaw/security/advisories/GHSA-qj77-c3c8-9c3q
Restart Required: Yes
Instructions:
1. Download OpenClaw version 2026.2.2 or later from the official repository.
2. Stop the OpenClaw service.
3. Replace the vulnerable binary with the patched version.
4. Restart the OpenClaw service.
🔧 Temporary Workarounds
Restrict Network Access
Limit network access to OpenClaw's command execution interface with firewall rules so that only trusted addresses can reach it. With the Windows Firewall default inbound action of Block in effect, one Allow rule scoped to the trusted addresses is enough (replace the placeholders with the real port and address range; note that an explicit Block rule would override any Allow rule for the same port):
New-NetFirewallRule -DisplayName "Allow OpenClaw Trusted Only" -Direction Inbound -Protocol TCP -LocalPort <OpenClaw_port> -RemoteAddress <trusted_IP_or_CIDR> -Action Allow
Run with Minimal Privileges
Configure OpenClaw to run under a low-privilege service account instead of SYSTEM or Administrator (use sc.exe explicitly, since in PowerShell the bare name sc is an alias for Set-Content; substitute the account and its real password):
sc.exe config OpenClaw obj= ".\LowPrivUser" password= "<password>"
🧯 If You Can't Patch
- Implement strict network segmentation to isolate OpenClaw from untrusted networks.
- Deploy application allowlisting to prevent execution of unauthorized binaries even if command injection succeeds.
🔍 How to Verify
Check if Vulnerable:
Check OpenClaw version: if version is less than 2026.2.2, the system is vulnerable. Test by attempting to inject cmd.exe metacharacters in command execution requests.
Check Version:
openclaw --version
Verify Fix Applied:
After patching, verify the version is 2026.2.2 or higher and test that cmd.exe metacharacters no longer bypass allowlist restrictions.
📡 Detection & Monitoring
Log Indicators:
- Unusual command execution patterns in OpenClaw logs
- Commands containing &, %, or other cmd.exe metacharacters in execution requests
Network Indicators:
- Unexpected outbound connections from OpenClaw process
- Command execution requests from unauthorized IP addresses
SIEM Query:
source="OpenClaw" AND (command="*&*" OR command="*%*%*")
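The allowlist bypass described in the TL;DR and the log indicators above, as an added example that is not part of this advisory or of OpenClaw itself: a naive first-token allowlist check next to a hardened check that rejects cmd.exe metacharacters, plus a scanner run over constructed OpenClaw-style log lines. The allowlist contents, the log line format and the field name command= are assumptions.

```python
import re

# cmd.exe metacharacters that can chain, redirect or rewrite a command:
# & && | || ^ < > embedded line breaks, and %VAR% environment expansion.
CMD_METACHAR_RE = re.compile(r'[&|^<>\r\n]|%[^%\s]+%')

# Hypothetical allowlist of approved commands (assumption, not OpenClaw's).
ALLOWLIST = {"dir", "type", "hostname"}


def first_token_allowed(command: str) -> bool:
    """Naive check: only inspects the first word, so chained commands pass."""
    token = command.strip().split(" ", 1)[0].lower()
    return token in ALLOWLIST


def hardened_allowed(command: str) -> bool:
    """Reject any cmd.exe metacharacter outright, then apply the allowlist."""
    return not CMD_METACHAR_RE.search(command) and first_token_allowed(command)


def scan_log(lines):
    """Return (line_no, command, reason) for suspicious entries in log lines
    that carry a command="..." field (constructed format, an assumption)."""
    findings = []
    for n, line in enumerate(lines, 1):
        m = re.search(r'command="(.*)"', line)
        if not m:
            continue
        cmd = m.group(1)
        if CMD_METACHAR_RE.search(cmd):
            findings.append((n, cmd, "cmd.exe metacharacter"))
        elif not first_token_allowed(cmd):
            findings.append((n, cmd, "command not in allowlist"))
    return findings


# Constructed sample log lines, not real OpenClaw output.
SAMPLE_LOG = [
    'source="OpenClaw" client=10.0.0.5 command="dir C:\\data"',
    'source="OpenClaw" client=10.0.0.5 command="dir C:\\data & echo chained"',
    'source="OpenClaw" client=10.0.0.9 command="type %TEMP%\\notes.txt"',
    'source="OpenClaw" client=10.0.0.9 command="hostname"',
    'source="OpenClaw" client=10.0.0.7 command="notepad"',
]

if __name__ == "__main__":
    for line_no, cmd, reason in scan_log(SAMPLE_LOG):
        print(f"line {line_no}: {reason}: {cmd}")
```

The naive check accepts the chained command because its first token is allowlisted; the hardened check rejects it, which is the behaviour the 2026.2.2 fix is meant to restore.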