Cyber Resilience

CVE-2026-28466

Severity: Critical · Public PoC

Published: 05 March 2026
Modified: 09 March 2026
CVSS v4.0 score: 9.4 (CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X)
EPSS score: 0.0042 (33.6th percentile)
Risk Priority: 70 (floored blend · peak EPSS)

Summary

CVE-2026-28466 is a critical-severity Incorrect Authorization (CWE-863) vulnerability in OpenClaw. Its CVSS v4.0 base score is 9.4 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation of Remote Services (T1210). EPSS ranks it at the 33.6th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-10 (Information Input Validation).

Deeper analysis

CVE-2026-28466 is a vulnerability in the gateway component of OpenClaw versions prior to 2026.2.14. It stems from a failure to sanitize internal approval fields in node.invoke parameters, enabling the bypass of exec approval gating for system.run commands. Classified under CWE-863 (Incorrect Authorization), the issue carries a CVSS v3.1 base score of 9.9 (AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H), indicating critical severity due to its potential for high-impact network exploitation with low privileges.

Attackers with valid gateway credentials, such as authenticated clients, can exploit this flaw by injecting approval control fields into requests. This allows them to execute arbitrary commands on connected node hosts, potentially compromising developer workstations and CI runners through unauthorized code execution.

Mitigation details are outlined in the OpenClaw security advisory (GHSA-gv46-4xfq-jv58) and corresponding GitHub commits: 0af76f5f0e93540efbdf054895216c398692afcd, 318379cdb8d045da0009b0051bd0e712e5c65e2d, a7af646fdab124a7536998db6bd6ad567d2b06b0, and c1594627421f95b6bc4ad7c606657dc75b5ad0ce. Affected users should upgrade to OpenClaw 2026.2.14 or later to address the sanitization issue.

Vulnerability details

OpenClaw versions prior to 2026.2.14 contain a vulnerability in the gateway in which it fails to sanitize internal approval fields in node.invoke parameters, allowing authenticated clients to bypass exec approval gating for system.run commands. Attackers with valid gateway credentials can inject approval control fields to execute arbitrary commands on connected node hosts, potentially compromising developer workstations and CI runners.

Related Threats

MITRE ATT&CK Enterprise Techniques (AI-assisted mapping)

T1210 Exploitation of Remote Services (Lateral Movement)
Adversaries may exploit remote services to gain unauthorized access to internal systems once inside of a network.
Why these techniques?

The vulnerability enables remote exploitation of the OpenClaw gateway service (PR:L required) to bypass authorization and execute arbitrary commands on connected nodes, directly mapping to Exploitation of Remote Services.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-32924 (same product: Openclaw Openclaw)
CVE-2026-32914 (same product: Openclaw Openclaw)
CVE-2026-28392 (same product: Openclaw Openclaw)
CVE-2026-43530 (same product: Openclaw Openclaw)
CVE-2026-28474 (same product: Openclaw Openclaw)
CVE-2026-42429 (same product: Openclaw Openclaw)
CVE-2026-34512 (same product: Openclaw Openclaw)
CVE-2026-33579 (same product: Openclaw Openclaw)
CVE-2026-32915 (same product: Openclaw Openclaw)
CVE-2026-42422 (same product: Openclaw Openclaw)

Affected Assets

Vendor: openclaw
Product: openclaw
Versions: ≤ 2026.2.14

Mitigating Controls (NIST 800-53 r5, AI-assisted mapping)

SI-10 Information Input Validation (prevent): Directly requires sanitization and validation of node.invoke parameters to block injection of unauthorized approval fields bypassing exec gating.

AC-3 Access Enforcement (prevent): Enforces approved authorizations in the gateway to prevent authenticated clients from bypassing approval checks for system.run commands.

Flaw remediation (prevent, recover): Mandates timely flaw remediation via upgrade to OpenClaw 2026.2.14, which patches the sanitization vulnerability.