
CVE-2026-28391

Severity: Critical · Public PoC · RCE

Published: 05 March 2026
Modified: 10 March 2026
KEV Added: not listed
Patch: fixed in OpenClaw 2026.2.2
CVSS v4.0 base score: 9.2 (vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X)
EPSS score: 0.0050 (38.8th percentile)
Risk priority: 70 (floored blend, peak EPSS)

Summary

CVE-2026-28391 is a critical-severity OS Command Injection (CWE-78) vulnerability in OpenClaw (vendor and product are both listed as Openclaw). Its CVSS base score is 9.2 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 38.8th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2026-28391 is a command injection vulnerability (CWE-78) affecting OpenClaw versions prior to 2026.2.2, specifically in non-default configurations that use allowlist-gated exec requests on Windows. The flaw arises from improper validation of cmd.exe metacharacters, enabling attackers to bypass command approval restrictions. It carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) and was published on 2026-03-05.

Remote, unauthenticated attackers can exploit this vulnerability by crafting command strings incorporating shell metacharacters such as & or %...%, allowing execution of arbitrary commands beyond the allowlisted operations. No privileges, user interaction, or special access are required, making it highly accessible over the network with critical impacts on confidentiality, integrity, and availability.

Advisories recommend upgrading to OpenClaw version 2026.2.2 or later to mitigate the issue, as detailed in the GitHub security advisory (GHSA-qj77-c3c8-9c3q) and the associated fix commit (a7f4a53ce80c98ba1452eb90802d447fca9bf3d6). Additional analysis is available from VulnCheck's advisory on the cmd.exe parsing bypass.


Vulnerability details

OpenClaw versions prior to 2026.2.2 fail to properly validate Windows cmd.exe metacharacters in allowlist-gated exec requests (non-default configuration), allowing attackers to bypass command approval restrictions. Remote attackers can craft command strings with shell metacharacters like & or %...% to execute unapproved commands beyond the allowlisted operations.

CWE(s)

CWE-78 OS Command Injection

Related Threats

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application (Initial Access): Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1059.003 Windows Command Shell (Execution): Adversaries may abuse the Windows command shell for execution.

Why these techniques?

Remote unauthenticated command injection (CWE-78) in a public-facing OpenClaw service directly enables T1190 exploitation and arbitrary Windows cmd.exe execution via T1059.003.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-32000 (same product: Openclaw Openclaw)
CVE-2026-22176 (same product: Openclaw Openclaw)
CVE-2026-28460 (same product: Openclaw Openclaw)
CVE-2026-31999 (same product: Openclaw Openclaw)
CVE-2026-29607 (same product: Openclaw Openclaw)
CVE-2026-32003 (same product: Openclaw Openclaw)
CVE-2026-22179 (same product: Openclaw Openclaw)
CVE-2026-32034 (same product: Openclaw Openclaw)
CVE-2026-32917 (same product: Openclaw Openclaw)
CVE-2026-28470 (same product: Openclaw Openclaw)

Affected Assets

Vendor: openclaw
Product: openclaw
Versions: ≤ 2026.2.2

Mitigating Controls (NIST 800-53 r5)

SI-10 Information Input Validation (prevent)

Directly requires validation of command inputs to block shell metacharacters like & or %...% that bypass allowlist restrictions in OpenClaw exec requests.
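An added example of the SI-10 control applied to an allowlist-gated exec request: a constructed approval gate (not OpenClaw's own code; the allowlist, function names and argv layout are assumptions for illustration) that rejects any argument carrying a cmd.exe metacharacter or a %...% expansion, shown beside a weak gate that only checks the first token of a raw command line.

```python
import re
from typing import Sequence, Tuple

# Constructed allowlist for illustration; the page does not show OpenClaw's
# real exec-approval configuration, so this gate is hypothetical, not project code.
ALLOWED_EXECUTABLES = frozenset({"git", "dir", "type"})

# cmd.exe metacharacters that change meaning when the shell re-parses a line:
# & (command separator), | (pipe), < > (redirection), ^ (escape), " (quoting),
# ! (delayed expansion, rejected conservatively) and embedded line breaks.
CMD_METACHAR_RE = re.compile(r'[&|<>^"!\r\n]')
# %NAME% environment-variable expansion, the "%...%" case named in the advisory.
CMD_ENV_EXPANSION_RE = re.compile(r"%[^%]*%")


def naive_gate(command_line: str, allowed=ALLOWED_EXECUTABLES) -> bool:
    """Weak gate (constructed): only the first whitespace-delimited token is
    compared with the allowlist, so anything after a separator is never
    examined before the whole string reaches cmd.exe."""
    first = command_line.strip().split(" ", 1)[0].lower()
    return first.removesuffix(".exe") in allowed


def approve_exec_request(argv: Sequence[str],
                         allowed=ALLOWED_EXECUTABLES) -> Tuple[bool, str]:
    """Hardened gate: requires a pre-split argv, an allowlisted executable and
    no cmd.exe metacharacter or %...% expansion in any element.
    Returns (approved, reason)."""
    if not argv:
        return False, "empty argv"
    exe = argv[0].lower().removesuffix(".exe")
    if exe not in allowed:
        return False, f"executable {argv[0]!r} is not allowlisted"
    for i, arg in enumerate(argv):
        hit = CMD_METACHAR_RE.search(arg) or CMD_ENV_EXPANSION_RE.search(arg)
        if hit:
            return False, f"argv[{i}] contains cmd.exe metacharacter sequence {hit.group()!r}"
    # An approved argv should then be spawned as an argument vector (no shell),
    # never re-joined into a string that cmd.exe parses again.
    return True, "approved"
```

Even with this gate in place, the durable fix is to launch approved commands without routing them through cmd.exe at all, so that metacharacters are passed to the program as data rather than interpreted by the shell.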

SI-2 Flaw Remediation (prevent)

Mandates timely flaw remediation by patching to OpenClaw 2026.2.2, which corrects the improper cmd.exe metacharacter validation.

detect

Enables real-time monitoring to identify unauthorized command executions from allowlist bypass attempts exploiting the vulnerability.
