CVE-2026-28363
Published: 27 February 2026
Summary
CVE-2026-28363 is a critical-severity Incomplete List of Disallowed Inputs (CWE-184) vulnerability in Openclaw Openclaw. Its CVSS base score is 9.9 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 14.9th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 CM-10 (Software Usage Restrictions) and SI-10 (Information Input Validation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly addresses the incomplete validation of command-line options like GNU abbreviations, preventing bypasses in the tools.exec.safeBins allowlist mechanism.
Enforces deny-all, permit-by-exception policies for software execution, mitigating unauthorized execution paths enabled by the sort utility validation bypass.
Requires timely remediation of flaws such as this validation bypass, with OpenClaw 2026.2.23 explicitly fixing the issue.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
The vulnerability is a remote bypass (AV:N) of safeBins allowlist validation in OpenClaw, enabling execution of unintended binaries via GNU sort --compress-prog abbreviations; this directly maps to exploitation of a public-facing application (T1190) and indirect command execution through an allowed utility (T1202).
NVD Description
In OpenClaw before 2026.2.23, tools.exec.safeBins validation for sort could be bypassed via GNU long-option abbreviations (such as --compress-prog) in allowlist mode, leading to approval-free execution paths that were intended to require approval. Only an exact string such as --compress-program was…
more
denied.
Deeper analysisAI
CVE-2026-28363 is a vulnerability in OpenClaw versions prior to 2026.2.23, affecting the tools.exec.safeBins validation mechanism specifically for the sort utility. In allowlist mode, the validation can be bypassed using GNU long-option abbreviations, such as --compress-prog, which evades restrictions. This allows execution paths intended to require explicit approval to run without it, as the check only denied exact strings like --compress-program. The issue is classified under CWE-184 (Incomplete List of Disallowed Inputs) with a CVSS v3.1 base score of 9.9 (AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).
A low-privileged user (PR:L) can exploit this over the network (AV:N) with low complexity (AC:L) and no user interaction (UI:N). Successful exploitation changes scope (S:C) and grants high-impact access to confidentiality, integrity, and availability (C:H/I:H/A:H), enabling unauthorized execution of unintended binaries or paths via manipulated sort options in allowlist mode.
The GitHub Security Advisory at https://github.com/openclaw/openclaw/security/advisories/GHSA-3c6h-g97w-fg78 provides details on the issue, with mitigation achieved by upgrading to OpenClaw 2026.2.23 or later, which addresses the validation bypass for abbreviated options.
Details
- CWE(s)