CVE-2026-28460
Published: 19 March 2026
Summary
CVE-2026-28460 is a high-severity OS Command Injection (CWE-78) vulnerability in Openclaw Openclaw. Its CVSS base score is 7.1 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 6.6th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Implements input validation at the system.run interface to detect and block shell line-continuation injections that bypass the command allowlist.
Restricts command inputs to an allowlist with proper validation criteria, preventing execution of non-allowlisted commands via shell tricks.
Mandates timely patching of the specific allowlist bypass flaw in OpenClaw system.run as identified in the advisory.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
OS command injection (CWE-78) via shell line-continuation bypass directly enables remote exploitation of a public-facing application (T1190) and arbitrary Unix shell command execution (T1059.004).
NVD Description
OpenClaw versions prior to 2026.2.22 contain an allowlist bypass vulnerability in system.run that allows attackers to execute non-allowlisted commands by splitting command substitution using shell line-continuation characters. Attackers can bypass security analysis by injecting $\\ followed by a newline and…
more
opening parenthesis inside double quotes, causing the shell to fold the line continuation into executable command substitution that circumvents approval boundaries.
Deeper analysisAI
CVE-2026-28460 is an allowlist bypass vulnerability in the system.run component of OpenClaw versions prior to 2026.2.22. The issue enables attackers to execute non-allowlisted commands by splitting command substitution using shell line-continuation characters. Specifically, attackers can inject "$\" followed by a newline and an opening parenthesis inside double quotes, causing the shell to fold the line continuation into executable command substitution that circumvents approval boundaries. It is associated with CWE-78 (OS Command Injection) and carries a CVSS v3.1 base score of 7.1 (AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L).
The vulnerability can be exploited remotely over the network by attackers with low privileges, requiring low complexity and no user interaction. Exploitation allows execution of arbitrary commands outside the intended allowlist, resulting in high integrity impact through unauthorized command execution or modification, alongside low availability impact, but no confidentiality loss.
Mitigation is addressed by updating to OpenClaw version 2026.2.22 or later, as detailed in the patching commit at https://github.com/openclaw/openclaw/commit/3f0b9dbb36c86e308267924c0d3d4a4e1fc4d1e9. Further guidance appears in the GitHub security advisory at https://github.com/openclaw/openclaw/security/advisories/GHSA-9868-vxmx-w862 and the VulnCheck advisory at https://www.vulncheck.com/advisories/openclaw-allowlist-bypass-via-shell-line-continuation-command-substitution-in-system-run.
Details
- CWE(s)