CVE-2026-28391
Published: 05 March 2026
Summary
CVE-2026-28391 is a critical-severity OS Command Injection (CWE-78) vulnerability in OpenClaw. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation maps to the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks at the 23.0th percentile by exploit likelihood (below the median), is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
- SI-10 (Information Input Validation): directly requires validation of command inputs to block shell metacharacters like & or %...% that bypass allowlist restrictions in OpenClaw exec requests.
- SI-2 (Flaw Remediation): mandates timely flaw remediation by patching to OpenClaw 2026.2.2, which corrects the improper cmd.exe metacharacter validation.
- Monitoring: enables real-time monitoring to identify unauthorized command executions from allowlist bypass attempts exploiting the vulnerability.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Remote, unauthenticated command injection (CWE-78) in the public-facing OpenClaw service directly enables exploitation under T1190 and arbitrary Windows cmd.exe execution under T1059.003.
NVD Description
OpenClaw versions prior to 2026.2.2 fail to properly validate Windows cmd.exe metacharacters in allowlist-gated exec requests (non-default configuration), allowing attackers to bypass command approval restrictions. Remote attackers can craft command strings with shell metacharacters like & or %...% to execute unapproved commands beyond the allowlisted operations.
Deeper analysis
CVE-2026-28391 is a command injection vulnerability (CWE-78) affecting OpenClaw versions prior to 2026.2.2, specifically in non-default configurations that use allowlist-gated exec requests on Windows. The flaw arises from improper validation of cmd.exe metacharacters, enabling attackers to bypass command approval restrictions. It carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) and was published on 2026-03-05.
Remote, unauthenticated attackers can exploit this vulnerability by crafting command strings incorporating shell metacharacters such as & or %...%, allowing execution of arbitrary commands beyond the allowlisted operations. No privileges, user interaction, or special access are required, making it highly accessible over the network with critical impacts on confidentiality, integrity, and availability.
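The SI-10 control above and the analysis of the bypass both come down to the same check: an exec gate that compares a request against an allowlist but ignores cmd.exe operators and %...% expansion approves more than it thinks it does. The following added example, which is not OpenClaw's code and does not reproduce the project's actual fix, shows a constructed weak gate beside a hardened one. The allowlist contents, function names and the sample requests are assumptions made for illustration.

```python
"""Allowlist gate for exec requests, with and without cmd.exe metacharacter
validation. Added illustration; not OpenClaw's own code or its fix."""
import re

# cmd.exe interprets these as command separators, redirections, grouping,
# escapes or quoting wherever they appear in the line, so their presence
# means the string is no longer a single plain command.
CMD_METACHARS = frozenset("&|<>^()\"\r\n")

# %NAME% (environment expansion) and !NAME! (delayed expansion) are
# substituted before execution, so the text that runs can differ from
# the text the allowlist saw.
EXPANSION_RE = re.compile(r"%[^%\s]*%|![^!\s]*!")

# Hypothetical allowlist of approved program names (first token only).
ALLOWED_COMMANDS = frozenset({"dir", "hostname", "ver"})


def find_metacharacters(command: str) -> list[str]:
    """Return every cmd.exe construct in `command` that a gate must reject."""
    hits = [ch for ch in command if ch in CMD_METACHARS]
    hits += EXPANSION_RE.findall(command)
    return hits


def is_approved_weak(command: str, allowlist=ALLOWED_COMMANDS) -> bool:
    """Constructed weak gate: checks only the first token against the
    allowlist and never looks at metacharacters."""
    tokens = command.split()
    return bool(tokens) and tokens[0].lower() in allowlist


def is_approved_hardened(command: str, allowlist=ALLOWED_COMMANDS) -> bool:
    """Hardened gate: refuse any request carrying cmd.exe metacharacters or
    expansion syntax before consulting the allowlist at all."""
    if find_metacharacters(command):
        return False
    return is_approved_weak(command, allowlist)


def gate_report(command: str) -> dict:
    """Decision record suitable for logging (SI-4 style monitoring)."""
    return {
        "command": command,
        "metacharacters": find_metacharacters(command),
        "weak_gate": is_approved_weak(command),
        "hardened_gate": is_approved_hardened(command),
    }


if __name__ == "__main__":
    # Constructed sample requests: one plain, two carrying the constructs
    # named in the advisory, one simply not on the allowlist.
    for req in ("dir C:\\Users", "dir & hostname", "ver %COMSPEC%", "whoami"):
        print(gate_report(req))
```

The hardened gate is deliberately conservative: it rejects any `!...!` pair even though delayed expansion is off by default, and it rejects parentheses and quotes that a benign request might use. For an exec feature that hands strings to cmd.exe, refusing ambiguous input and logging the decision is the safer trade-off than trying to reason about which metacharacters are harmless in context.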
Advisories recommend upgrading to OpenClaw version 2026.2.2 or later to mitigate the issue, as detailed in the GitHub security advisory (GHSA-qj77-c3c8-9c3q) and the associated fix commit (a7f4a53ce80c98ba1452eb90802d447fca9bf3d6). Additional analysis is available from VulnCheck's advisory on the cmd.exe parsing bypass.
Details
- CWE(s): CWE-78 (OS Command Injection)