CVE-2026-26323
Published: 19 February 2026
Summary
CVE-2026-26323 is a high-severity OS Command Injection (CWE-78) vulnerability in OpenClaw. Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Unix Shell (T1059.004). It is ranked at the 19.5th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
This vulnerability is AI-related — categorised as Other AI Platforms.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
- SI-10 (Information Input Validation): Requires validation of untrusted Git commit author metadata before interpolating it into shell commands via execSync, directly preventing the command injection vulnerability.
- SI-2 (Flaw Remediation): Mandates timely identification, reporting, and patching of flaws like this command injection, ensuring an upgrade to the fixed version 2026.2.14.
- SA-15 (Development Process, Standards, and Tools): Enforces developer use of secure development processes, standards, and tools that prohibit unsafe practices such as unsanitized data interpolation in maintainer scripts.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
OS command injection via unsanitized git metadata interpolated into execSync enables arbitrary Unix shell command execution on developer/CI systems running the script.
NVD Description
OpenClaw is a personal AI assistant. Versions 2026.1.8 through 2026.2.13 have a command injection in the maintainer/dev script `scripts/update-clawtributors.ts`. The issue affects contributors/maintainers (or CI) who run `bun scripts/update-clawtributors.ts` in a source checkout that contains a malicious commit author email (e.g. crafted `@users[.]noreply[.]github[.]com` values). Normal CLI usage is not affected (`npm i -g openclaw`): this script is not part of the shipped CLI and is not executed during routine operation. The script derived a GitHub login from `git log` author metadata and interpolated it into a shell command (via `execSync`). A malicious commit record could inject shell metacharacters and execute arbitrary commands when the script is run. Version 2026.2.14 contains a patch.
Deeper analysis
CVE-2026-26323 is an OS command injection vulnerability (CWE-78) in OpenClaw, a personal AI assistant. The issue resides in the maintainer and developer script `scripts/update-clawtributors.ts`, affecting versions 2026.1.8 through 2026.2.13. The script insecurely derives a GitHub login from Git commit author metadata obtained via `git log` and interpolates it into a shell command executed through `execSync`. Normal CLI usage, such as installation via `npm i -g openclaw`, remains unaffected, as the script is not included in the shipped CLI package or executed during routine operations.
Exploitation requires contributors, maintainers, or CI systems to execute `bun scripts/update-clawtributors.ts` within a source code checkout containing a commit with a malicious author email, such as a crafted value like `@users[.]noreply[.]github[.]com` embedding shell metacharacters. An attacker who controls or influences a commit record in the repository's Git history can inject arbitrary commands, achieving remote code execution on the victim's machine upon script invocation. The CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) reflects network accessibility, low complexity, no privileges required, user interaction via script execution, and high impacts on confidentiality, integrity, and availability.
The vulnerability is addressed in OpenClaw version 2026.2.14. Security advisories recommend updating to this patched release. Details are provided in the GitHub security advisory (GHSA-m7x8-2w3w-pr42), the fixing commit (a429380e337152746031d290432a4b93aa553d55), and the v2026.2.14 release notes.
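As an added illustration (not code from the OpenClaw project or from the advisory), the pattern described above beside a hardened alternative: the login is parsed from the commit author's noreply address, checked against GitHub's username rules before use, and then passed to `execFileSync` as a separate argument instead of being spliced into a shell string. The noreply address format, the username rules, the `gh api` command and all sample addresses are assumptions constructed for this example.

```typescript
import { execFileSync } from "node:child_process";

// Assumptions, not taken from the advisory: GitHub noreply addresses take the
// form "<id>+<login>@users.noreply.github.com" or "<login>@users.noreply.github.com",
// and a login is 1-39 chars of [A-Za-z0-9] with single, non-edge hyphens.
const NOREPLY_DOMAIN = "users.noreply.github.com";
const LOGIN_RE = /^[A-Za-z0-9](?:-?[A-Za-z0-9]){0,38}$/;

// Derive a login from a commit author email, or null if the address is not a
// well-formed noreply address. Shell metacharacters can never pass LOGIN_RE,
// so a crafted commit record is rejected before any command is built.
export function loginFromAuthorEmail(email: string): string | null {
  const at = email.lastIndexOf("@");
  if (at < 0 || email.slice(at + 1).toLowerCase() !== NOREPLY_DOMAIN) return null;
  const local = email.slice(0, at);
  const plus = local.indexOf("+");
  const login = plus >= 0 ? local.slice(plus + 1) : local;
  return LOGIN_RE.test(login) ? login : null;
}

// Walk `git log --format=%ae` output and partition authors into accepted,
// de-duplicated logins and rejected raw addresses (the rejected list is what a
// maintainer would want to see logged rather than silently executed).
export function partitionAuthors(gitLogOutput: string): { accepted: string[]; rejected: string[] } {
  const accepted: string[] = [];
  const rejected: string[] = [];
  for (const line of gitLogOutput.split("\n")) {
    const email = line.trim();
    if (!email) continue;
    const login = loginFromAuthorEmail(email);
    if (login === null) rejected.push(email);
    else if (!accepted.includes(login)) accepted.push(login);
  }
  return { accepted, rejected };
}

// Vulnerable shape, as the advisory describes it (command name hypothetical):
//   execSync(`gh api users/${login}`)   // login taken straight from git log
// Hardened shape: no shell is involved and the login is one argv element, so
// even a value that slipped past validation cannot change the command structure.
export function fetchUserProfile(login: string): string {
  if (!LOGIN_RE.test(login)) throw new Error(`refusing to query invalid login: ${login}`);
  return execFileSync("gh", ["api", `users/${login}`], { encoding: "utf8" });
}
```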
Details
- CWE(s): CWE-78 (OS Command Injection)
- Affected Products: OpenClaw versions 2026.1.8 through 2026.2.13 (fixed in 2026.2.14)
AI Security Analysis
- AI Category: Other AI Platforms
- Risk Domain: N/A
- OWASP Top 10 for LLMs 2025: None mapped
- Classification Reason: Matched keywords: ai