CVE-2026-28466
📋 TL;DR
OpenClaw gateway versions before 2026.2.14 have an authorization bypass vulnerability where authenticated clients can manipulate node.invoke parameters to bypass execution approval controls. This allows attackers with valid gateway credentials to run arbitrary system commands on connected node hosts, potentially compromising developer workstations and CI/CD runners.
💻 Affected Systems
- OpenClaw
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete compromise of all connected node hosts, including developer workstations and CI runners, leading to data theft, lateral movement, and potential supply chain attacks.
Likely Case
Attackers with stolen or compromised gateway credentials execute arbitrary commands on connected nodes, potentially gaining persistent access to development environments.
If Mitigated
Limited impact if proper network segmentation, least privilege access, and command allowlisting are implemented.
🎯 Exploit Status
Exploitation requires valid gateway credentials but is straightforward once credentials are obtained. The vulnerability is in authorization logic rather than complex memory corruption.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 2026.2.14 and later
Vendor Advisory: https://github.com/openclaw/openclaw/security/advisories/GHSA-gv46-4xfq-jv58
Restart Required: Yes
Instructions:
1. Update OpenClaw to version 2026.2.14 or later.
2. Restart the OpenClaw gateway service.
3. Verify the patch is applied by checking the version.
🔧 Temporary Workarounds
Disable system.run commands
Temporarily disable system.run functionality in node.invoke parameters until patching is complete.
# Edit OpenClaw configuration to remove or comment out system.run command handlers
Implement network segmentation
Isolate the OpenClaw gateway from sensitive systems and implement strict firewall rules.
# Configure firewall to restrict OpenClaw gateway access to only necessary systems
🧯 If You Can't Patch
- Implement strict command allowlisting for system.run operations
- Enforce multi-factor authentication for all gateway credentials and rotate credentials immediately
🔍 How to Verify
Check if Vulnerable:
Check the OpenClaw version: if it is lower than 2026.2.14, the system is vulnerable.
Check Version:
openclaw --version
Verify Fix Applied:
Verify OpenClaw version is 2026.2.14 or later and test that approval controls properly validate node.invoke parameters.
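As an added example (not part of the advisory or the OpenClaw project), the version check above written so that it compares components numerically: the date-style scheme means "2026.2.9" sorts after "2026.2.14" as a string even though it is the older, vulnerable build. The pre-release suffix format ("-rc1") is an assumption, not something the page documents.

```python
"""Decide whether the build reported by `openclaw --version` predates the
fixed release 2026.2.14 (added example; the tool's exact output format and
the "-rc1" pre-release suffix are assumptions)."""
import re
import subprocess
from typing import Optional, Tuple

FIXED_VERSION = "2026.2.14"  # first fixed release named in the advisory

# (numeric components, is_final_release); a pre-release sorts before its release
Parsed = Tuple[Tuple[int, ...], bool]


def parse_version(text: str) -> Optional[Parsed]:
    """Pull the first dotted numeric version out of free-form tool output."""
    m = re.search(r"v?(\d+(?:\.\d+)+)(-[0-9A-Za-z.]+)?", text)
    if not m:
        return None
    parts = tuple(int(p) for p in m.group(1).split("."))
    return parts, m.group(2) is None


def _key(parsed: Parsed, width: int) -> Tuple[Tuple[int, ...], bool]:
    parts, is_release = parsed
    # Right-pad with zeros so 2026.2 == 2026.2.0; False (pre-release) < True.
    return parts + (0,) * (width - len(parts)), is_release


def is_vulnerable(version_output: str, fixed: str = FIXED_VERSION) -> Optional[bool]:
    """True if the reported version is older than `fixed`; None if unparseable."""
    installed = parse_version(version_output)
    patched = parse_version(fixed)
    if installed is None or patched is None:
        return None
    width = max(len(installed[0]), len(patched[0]))
    return _key(installed, width) < _key(patched, width)


def check_installed() -> Optional[bool]:
    """Run `openclaw --version` on this host; None if the binary is missing."""
    try:
        out = subprocess.run(["openclaw", "--version"], capture_output=True,
                             text=True, check=False)
    except FileNotFoundError:
        return None
    return is_vulnerable(out.stdout + out.stderr)


if __name__ == "__main__":
    # Constructed sample outputs, not captured from a real installation.
    for sample in ("openclaw 2026.2.9", "openclaw 2026.2.14", "openclaw 2026.2.14-rc1"):
        print(f"{sample!r}: vulnerable={is_vulnerable(sample)}")
```

`check_installed()` returns None rather than False when the binary is absent, so an unreachable or uninstalled gateway is never reported as patched.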
📡 Detection & Monitoring
Log Indicators:
- Unauthorized system.run commands in gateway logs
- node.invoke requests with modified approval fields
- Failed approval checks for system.run operations
Network Indicators:
- Unusual command execution patterns from gateway to nodes
- Suspicious system commands originating from gateway
SIEM Query:
source="openclaw_gateway" AND (command="system.run" OR parameter="node.invoke") AND approval_status="bypassed"
🔗 References
- https://github.com/openclaw/openclaw/commit/0af76f5f0e93540efbdf054895216c398692afcd
- https://github.com/openclaw/openclaw/commit/318379cdb8d045da0009b0051bd0e712e5c65e2d
- https://github.com/openclaw/openclaw/commit/a7af646fdab124a7536998db6bd6ad567d2b06b0
- https://github.com/openclaw/openclaw/commit/c1594627421f95b6bc4ad7c606657dc75b5ad0ce
- https://github.com/openclaw/openclaw/security/advisories/GHSA-gv46-4xfq-jv58
- https://www.vulncheck.com/advisories/openclaw-remote-code-execution-via-node-invoke-approval-bypass