CVE-2026-26323
Published: 19 February 2026
Summary
CVE-2026-26323 is a high-severity OS Command Injection (CWE-78) vulnerability in OpenClaw (vendor and product are both listed as OpenClaw). Its CVSS v3.1 base score is 8.8 (High), which is the value the vector AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H given in the analysis below yields.
Operationally, exploitation maps to the MITRE ATT&CK technique Command and Scripting Interpreter: Unix Shell (T1059.004). The CVE ranks in the top 25.6% of CVEs by estimated exploit likelihood and is not currently listed in the CISA KEV catalog.
This vulnerability is classified as AI-related (category: Enterprise AI Assistants; risk domain: Supply Chain and Deployment).
The strongest mitigations identified in this analysis are NIST SP 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2026-26323 is an OS command injection vulnerability (CWE-78) in OpenClaw, a personal AI assistant. The issue resides in the maintainer/developer script `scripts/update-clawtributors.ts` and affects versions 2026.1.8 through 2026.2.13. The script derives a GitHub login from Git commit author metadata obtained via `git log` and interpolates it, unsanitised, into a shell command string executed through `execSync`. Normal CLI usage, such as installation via `npm i -g openclaw`, is unaffected because the script is neither included in the shipped CLI package nor executed during routine operation.
Exploitation requires a contributor, maintainer, or CI system to run `bun scripts/update-clawtributors.ts` in a source checkout whose history contains a commit with a malicious author email, for example a crafted `@users[.]noreply[.]github[.]com` address whose local part embeds shell metacharacters. Git does not authenticate the author field, so anyone who can place or influence a commit record in the repository's history controls that input. When the script runs, `execSync` hands the assembled string to the system shell, and the injected metacharacters execute arbitrary commands with the privileges of the user or CI job that invoked the script. The CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) reflects a network-reachable attack path, low complexity, no privileges required, user interaction (running the script), and high impact on confidentiality, integrity, and availability.
The vulnerability is fixed in OpenClaw version 2026.2.14; the advisory recommends updating to that release. Details are in the GitHub security advisory GHSA-m7x8-2w3w-pr42, the fixing commit a429380e337152746031d290432a4b93aa553d55, and the v2026.2.14 release notes.
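The following TypeScript is an added example, not OpenClaw's code or the fixing commit. It reproduces the pattern the advisory describes (a GitHub login derived from `git log` author metadata) in two forms: the vulnerable one, where the login is spliced into a shell string destined for `execSync`, and a hardened one, where the login is validated against GitHub's username rules and passed to `execFileSync` as an argv element so no shell ever parses it. The `git log` output and the commit records are constructed, the `gh api users/<login>` command is an assumed stand-in for whatever the real script ran, and the function names are the example's own.

```typescript
// Added example (not OpenClaw's code). Shows the vulnerable interpolation next to
// the hardened argv form. `gh api users/<login>` is an assumed stand-in command.
import { execFileSync } from "node:child_process";

export interface Commit {
  sha: string;
  authorName: string;
  authorEmail: string;
}

// Constructed sample of `git log --format='%H%x09%an%x09%ae'` output.
// The third record carries an author email crafted to smuggle a command.
export const SAMPLE_GIT_LOG = [
  "a1b2c3d\tAlice\t12345+alice@users.noreply.github.com",
  "d4e5f6a\tBob\tbob@users.noreply.github.com",
  "0badf00d\tMallory\t`touch /tmp/pwned`@users.noreply.github.com",
].join("\n");

export function parseGitLog(output: string): Commit[] {
  return output
    .split("\n")
    .filter((line) => line.length > 0)
    .map((line) => {
      const [sha, authorName, authorEmail] = line.split("\t");
      return { sha, authorName, authorEmail };
    });
}

// VULNERABLE: the login is cut out of the email with string ops and dropped
// into a shell command string. execSync hands that string to /bin/sh, so
// backticks, $(), ;, | in the author field become commands.
export function unsafeCommandFor(authorEmail: string): string {
  const login = authorEmail.split("@")[0].replace(/^\d+\+/, "");
  return `gh api users/${login}`; // execSync(this) is the bug
}

// GitHub login rules: 1-39 chars, ASCII alphanumerics and single hyphens,
// no leading or trailing hyphen. Anything else is rejected outright.
const GITHUB_LOGIN = /^[a-z\d](?:[a-z\d]|-(?=[a-z\d])){0,38}$/i;

// Derive a login only from a noreply address of the form
// [<id>+]<login>@users.noreply.github.com, and only if it is well-formed.
export function loginFromNoreplyEmail(authorEmail: string): string | null {
  const m = /^(?:\d+\+)?([^@]+)@users\.noreply\.github\.com$/i.exec(authorEmail);
  if (m === null) return null;
  return GITHUB_LOGIN.test(m[1]) ? m[1] : null;
}

// HARDENED: a validated login goes into an argv array, never a shell string.
export function safeArgvFor(authorEmail: string): string[] | null {
  const login = loginFromNoreplyEmail(authorEmail);
  return login === null ? null : ["api", `users/${login}`];
}

// execFileSync spawns the binary directly (no shell), so metacharacters in
// argv are plain bytes to the child. Not invoked by the offline demonstration.
export function lookupUser(authorEmail: string): string {
  const argv = safeArgvFor(authorEmail);
  if (argv === null) throw new Error(`refusing unparseable author email: ${authorEmail}`);
  return execFileSync("gh", argv, { encoding: "utf8" });
}

// Walk a checkout's history and separate usable logins from records that a
// CI job should refuse to process (and probably alert on).
export function auditCommits(commits: Commit[]): { accepted: string[]; rejected: string[] } {
  const accepted: string[] = [];
  const rejected: string[] = [];
  for (const c of commits) {
    const login = loginFromNoreplyEmail(c.authorEmail);
    if (login === null) rejected.push(c.sha);
    else accepted.push(login);
  }
  return { accepted, rejected };
}

const demo = auditCommits(parseGitLog(SAMPLE_GIT_LOG));
console.log("accepted logins:", demo.accepted); // [ 'alice', 'bob' ]
console.log("rejected commits:", demo.rejected); // [ '0badf00d' ]
console.log("what execSync would have seen:", unsafeCommandFor("`touch /tmp/pwned`@users.noreply.github.com"));
```

Two controls are at work here and both matter: the allow-list validation (SI-10) stops a crafted author field before it reaches any command, and the switch from `execSync` with a string to `execFileSync` with an argv array removes the shell from the path entirely, so even a login that slipped through validation would be an argument, not syntax. Rejected commits are reported by SHA so a CI job can fail loudly rather than silently skip them.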
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-8426
Vulnerability details
OpenClaw is a personal AI assistant. Versions 2026.1.8 through 2026.2.13 have a command injection in the maintainer/dev script `scripts/update-clawtributors.ts`. The issue affects contributors/maintainers (or CI) who run `bun scripts/update-clawtributors.ts` in a source checkout that contains a malicious commit author email (e.g. crafted `@users[.]noreply[.]github[.]com` values). Normal CLI usage is not affected (`npm i -g openclaw`): this script is not part of the shipped CLI and is not executed during routine operation. The script derived a GitHub login from `git log` author metadata and interpolated it into a shell command (via `execSync`). A malicious commit record could inject shell metacharacters and execute arbitrary commands when the script is run. Version 2026.2.14 contains a patch.
- CWE(s): CWE-78 (OS Command Injection)
AI Security Analysis
- AI Category: Enterprise AI Assistants
- Risk Domain: Supply Chain and Deployment
- OWASP Top 10 for LLMs 2025: None mapped
- Classification Reason: Matched keywords: ai
Related Threats
MITRE ATT&CK Enterprise Techniques
- T1059.004 Command and Scripting Interpreter: Unix Shell
Why these techniques?
OS command injection via unsanitized git metadata interpolated into execSync enables arbitrary Unix shell command execution on developer/CI systems running the script.
Mitigating Controls (NIST 800-53 r5)
- SI-10 (Information Input Validation): requires validation of untrusted Git commit author metadata before it is interpolated into shell commands via `execSync`, which directly prevents this command injection.
- SI-2 (Flaw Remediation): mandates timely identification, reporting, and patching of flaws such as this command injection, ensuring the upgrade to the fixed version 2026.2.14.
- SA-15 (Development Process, Standards, and Tools): enforces developer use of secure development processes, standards, and tools that prohibit unsafe practices such as unsanitised data interpolation in maintainer scripts.