CVE-2026-22168
Published: 18 March 2026
Summary
CVE-2026-22168 is a medium-severity Argument Injection (CWE-88) vulnerability in Openclaw Openclaw. Its CVSS base score is 6.5 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Windows Command Shell (T1059.003); ranked at the 20.7th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 AU-3 (Content of Audit Records) and SI-10 (Information Input Validation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
SI-10 requires validation and sanitization of inputs to the system.run function to neutralize argument delimiters and prevent smuggling of arbitrary trailing arguments after cmd.exe /c.
SI-2 mandates timely flaw remediation by patching OpenClaw to version 2026.2.21 or later, directly eliminating the approval-integrity mismatch vulnerability.
AU-3 ensures audit records capture the full actual command executed, including smuggled arguments, to reveal mismatches between approved text and true execution for detection.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Argument injection into cmd.exe /c directly enables arbitrary Windows command execution by authenticated operators.
NVD Description
OpenClaw versions prior to 2026.2.21 contain an approval-integrity mismatch vulnerability in system.run that allows authenticated operators to execute arbitrary trailing arguments after cmd.exe /c while approval text reflects only a benign command. Attackers can smuggle malicious arguments through cmd.exe /c…
more
to achieve local command execution on trusted Windows nodes with mismatched audit logs.
Deeper analysisAI
CVE-2026-22168 is an approval-integrity mismatch vulnerability in the system.run component of OpenClaw versions prior to 2026.2.21. This issue affects trusted Windows nodes, where authenticated operators can execute arbitrary trailing arguments appended after "cmd.exe /c" while the approval text displays only a benign command. Classified under CWE-88 (Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')), it carries a CVSS v3.1 base score of 6.5 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N) and was published on 2026-03-18.
Authenticated operators with low privileges (PR:L) can exploit this vulnerability over the network (AV:N) with low attack complexity (AC:L) and no user interaction (UI:N). Exploitation smuggles malicious arguments through "cmd.exe /c," enabling arbitrary local command execution on affected Windows nodes and producing mismatched audit logs that fail to capture the true commands run, potentially exposing sensitive data due to the high confidentiality impact (C:H).
Advisories recommend mitigation by upgrading to OpenClaw version 2026.2.21 or later. Relevant details are provided in the patching commit at https://github.com/openclaw/openclaw/commit/6007941f04df1edcca679dd6c95949744fdbd4df, the GitHub security advisory at https://github.com/openclaw/openclaw/security/advisories/GHSA-5v6x-rfc3-7qfr, and the Vulncheck advisory at https://www.vulncheck.com/advisories/openclaw-command-injection-via-cmd-exe-c-trailing-arguments-in-system-run.
Details
- CWE(s)