CVE-2026-28463
Published: 05 March 2026
Summary
CVE-2026-28463 is a high-severity OS Command Injection (CWE-78) vulnerability in OpenClaw. Its CVSS base score is 8.4 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Data from Local System (T1005). The vulnerability is ranked at the 5.8th percentile by exploit likelihood (below the median), is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 CM-7 (Least Functionality) and SI-10 (Information Input Validation).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
- Requires timely identification, reporting, and patching of flaws like CVE-2026-28463, directly addressing the vulnerable exec-approvals allowlist via the available fix in OpenClaw 2026.2.14.
- SI-10 (Information Input Validation): mandates validation of command argv inputs to block shell glob patterns and environment variable expansions that enable arbitrary file reads through safe binaries.
- CM-7 (Least Functionality): enforces least functionality by restricting system capabilities to essential safe executions without shell expansion, preventing exploitation in allowlist mode.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Arbitrary file read via bypassed shell expansion on allowlisted binaries (head/tail/grep) directly enables local data collection (T1005) and Unix shell command execution (T1059.004).
NVD Description
OpenClaw versions prior to 2026.2.14 contain an arbitrary file read vulnerability in the exec-approvals allowlist validation that checks pre-expansion argv tokens but executes using real shell expansion. Attackers with authorization or through prompt-injection attacks can exploit safe binaries like head, tail, or grep with glob patterns or environment variables to disclose files readable by the gateway or node process when host execution is enabled in allowlist mode.
Deeper analysis
CVE-2026-28463, published on 2026-03-05, is an arbitrary file read vulnerability (CWE-78) affecting OpenClaw versions prior to 2026.2.14. The flaw lies in the exec-approvals allowlist validation: it inspects the argv tokens as written, before any expansion, but the command is then run through a real shell that expands them, so the tokens that were checked are not the tokens that actually execute.
Attackers with authorization to execute commands or those capable of prompt-injection attacks can exploit the vulnerability by targeting allowlisted safe binaries such as head, tail, or grep. By incorporating glob patterns or environment variables, they can disclose arbitrary files readable by the gateway or node process when host execution is enabled in allowlist mode. The issue carries a CVSS v3.1 base score of 8.4 (AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating high impact on confidentiality, integrity, and availability from a local, unprivileged context with low complexity and no user interaction required.
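The validation gap described above, and the two mitigations the controls list names (reject expandable argv tokens, execute without a shell), as an added illustration. This is example code written for this page, not OpenClaw's own implementation or fix; the allowlist, the metacharacter policy, the function names and the sample argv are all assumptions chosen to show the mechanism.

```javascript
// Example (not OpenClaw's code): pre-expansion token checks vs. a check that
// also controls how the command is executed.
// Assumptions: SAFE_BINS, SHELL_META and the function names are hypothetical.

const SAFE_BINS = new Set(['head', 'tail', 'grep']); // hypothetical allowlist

// Characters a POSIX shell interprets before the binary sees the argument:
// globbing, parameter/command expansion, quoting, redirection, separators.
const SHELL_META = /[*?\[\]{}$`\\"'<>|;&()~\n]/;

// Weak check in the spirit of the flawed validation: it compares the literal
// tokens against the allowlist and accepts them, but the plan it produces is a
// single string meant for a shell (shell: true), so the shell expands tokens
// such as "notes/*.txt" or "$HOME/notes.txt" after validation has passed.
function weakValidate(argv) {
  if (argv.length === 0 || !SAFE_BINS.has(argv[0])) {
    return { ok: false, reason: 'binary not allowlisted' };
  }
  return { ok: true, plan: { command: argv.join(' '), shell: true } };
}

// Hardened check: same allowlist, plus two changes that close the gap.
// (1) Reject any token the shell could expand or reinterpret (input validation).
// (2) Produce a file + args plan for child_process.execFile / spawn with
//     shell: false, so the validated tokens are byte-for-byte what the binary
//     receives and no expansion step exists between check and execution.
function hardenedValidate(argv, allowlist = SAFE_BINS) {
  if (argv.length === 0) return { ok: false, reason: 'empty argv' };
  const [bin, ...args] = argv;
  if (!allowlist.has(bin)) return { ok: false, reason: 'binary not allowlisted' };
  for (const tok of args) {
    if (SHELL_META.test(tok)) {
      return { ok: false, reason: 'shell metacharacter in token: ' + JSON.stringify(tok) };
    }
  }
  // Note: this only guarantees that nothing is expanded. Which paths the
  // allowlisted binary may read is a separate policy decision (e.g. a
  // working-directory restriction), not addressed here.
  return { ok: true, plan: { file: bin, args, shell: false } };
}

// Side-by-side verdicts for one request, handy when reviewing an allowlist.
function compare(argv) {
  return { weak: weakValidate(argv), hardened: hardenedValidate(argv) };
}

module.exports = { SAFE_BINS, SHELL_META, weakValidate, hardenedValidate, compare };

if (typeof require !== 'undefined' && require.main === module) {
  // Constructed sample requests: one plain, one with a glob, one with a variable.
  for (const argv of [
    ['head', '-n', '5', 'notes/readme.txt'],
    ['head', 'notes/*.txt'],
    ['grep', 'TODO', '$HOME/notes.txt'],
  ]) {
    console.log(JSON.stringify(argv), '=>', JSON.stringify(compare(argv)));
  }
}
```

The plan returned by hardenedValidate maps directly onto `execFile(plan.file, plan.args, { shell: false })`; the point of the example is that the object handed to the executor is the same object that was validated, whereas weakValidate hands a string to a shell and loses that property.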
Mitigation is provided in OpenClaw version 2026.2.14 and later, addressed via a fix in GitHub commit 77b89719d5b7e271f48b6f49e334a8b991468c3b. Further details on the vulnerability and remediation are available in the GitHub security advisory at GHSA-xvhf-x56f-2hpp and the Vulncheck advisory at https://www.vulncheck.com/advisories/openclaw-arbitrary-file-read-via-shell-expansion-in-safe-bins-allowlist.
Details
- CWE(s)