CVE-2026-28466
Published: 05 March 2026
Summary
CVE-2026-28466 is a critical-severity Incorrect Authorization (CWE-863) vulnerability in OpenClaw (vendor and product: OpenClaw). Its CVSS v3.1 base score is 9.9 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation of Remote Services (T1210). The CVE is ranked at the 13.4th percentile by exploit likelihood (below the median), it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced. Note that the percentile estimates in-the-wild exploitation activity, not impact: with a public PoC and only low privileges required, any deployment that hands gateway credentials to semi-trusted clients or automation should treat the upgrade as urgent.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-10 (Information Input Validation).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
- SI-10 (Information Input Validation): directly requires sanitization and validation of node.invoke parameters so that client-supplied approval fields cannot bypass exec gating.
- AC-3 (Access Enforcement): requires the gateway to enforce approved authorizations itself, so that authenticated clients cannot bypass approval checks for system.run commands.
- SI-2 (Flaw Remediation): mandates timely remediation by upgrading to OpenClaw 2026.2.14, which patches the sanitization flaw.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability is exploited over the network against the OpenClaw gateway service by an authenticated client (PR:L), bypassing authorization to execute arbitrary commands on connected nodes; this maps directly to Exploitation of Remote Services (T1210).
NVD Description
OpenClaw versions prior to 2026.2.14 contain a vulnerability in the gateway in which it fails to sanitize internal approval fields in node.invoke parameters, allowing authenticated clients to bypass exec approval gating for system.run commands. Attackers with valid gateway credentials can inject approval control fields to execute arbitrary commands on connected node hosts, potentially compromising developer workstations and CI runners.
Deeper analysis
CVE-2026-28466 is a vulnerability in the gateway component of OpenClaw versions prior to 2026.2.14. It stems from a failure to sanitize internal approval fields in node.invoke parameters, enabling the bypass of exec approval gating for system.run commands. Classified under CWE-863 (Incorrect Authorization), the issue carries a CVSS v3.1 base score of 9.9 (AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H): network-reachable, low attack complexity, low privileges, no user interaction, and full impact on confidentiality, integrity and availability. The changed scope (S:C) reflects that an authorization failure in the gateway propagates to the connected node hosts, which are separate security domains from the gateway itself.
Attackers with valid gateway credentials, such as authenticated clients, can exploit this flaw by injecting approval control fields into requests. This allows them to execute arbitrary commands on connected node hosts, potentially compromising developer workstations and CI runners through unauthorized code execution.
Mitigation details are outlined in the OpenClaw security advisory (GHSA-gv46-4xfq-jv58) and corresponding GitHub commits: 0af76f5f0e93540efbdf054895216c398692afcd, 318379cdb8d045da0009b0051bd0e712e5c65e2d, a7af646fdab124a7536998db6bd6ad567d2b06b0, and c1594627421f95b6bc4ad7c606657dc75b5ad0ce. Affected users should upgrade to OpenClaw 2026.2.14 or later to address the sanitization issue.
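The following TypeScript sketch is an added example written for this page, not code from OpenClaw, the advisory or the linked commits. It models the flaw class the description names: a gateway that copies client-supplied node.invoke parameters straight into its internal invocation object, so a client can inject the gateway's own approval field, placed beside a hardened handler that rejects any internal field and rebuilds the invocation from an allow-list before applying its own approval decision. All field names (`approved`, `approvalId`, `approvedBy`, `command`, `args`, `cwd`, `timeoutMs`), the approval store and the request payload are assumptions constructed for the example and are not OpenClaw's real wire format.

```typescript
// Added illustration of the flaw class behind CVE-2026-28466, not OpenClaw's code.
// Field names and the approval store below are assumptions for this example.

type Json = Record<string, unknown>;

interface InvokeRequest {
  method: string;   // e.g. "system.run"
  nodeId: string;   // target node host
  params: Json;     // client-controlled, untrusted
}

interface Decision {
  forwarded: boolean;  // would the gateway forward the exec to the node?
  reason: string;
  params?: Json;       // the internal invocation object that would be sent
}

// Fields only the gateway may set, after it has decided whether an exec is allowed.
const INTERNAL_APPROVAL_FIELDS = ["approved", "approvalId", "approvedBy"] as const;

// Fields a client is allowed to supply for system.run (assumed for the example).
const SYSTEM_RUN_CLIENT_FIELDS = new Set(["command", "args", "cwd", "timeoutMs"]);

// Stand-in for the gateway's approval state: (nodeId, command) pairs an operator
// has explicitly approved. Constructed for the example.
const approvalStore = new Set<string>(["node-1::ls -la"]);

function approvalKey(nodeId: string, command: unknown): string {
  return `${nodeId}::${String(command)}`;
}

// VULNERABLE pattern: client params are spread into the internal invocation object,
// so a client-supplied `approved: true` survives and satisfies the gate below.
function invokeVulnerable(req: InvokeRequest): Decision {
  const invoke: Json = { ...req.params };
  if (req.method === "system.run") {
    if (approvalStore.has(approvalKey(req.nodeId, invoke.command))) {
      invoke.approved = true;
    }
    if (invoke.approved !== true) {
      return { forwarded: false, reason: "exec not approved" };
    }
  }
  return { forwarded: true, reason: "ok", params: invoke };
}

// HARDENED pattern:
//  1. reject (rather than silently strip) any request carrying an internal field,
//     so probing attempts are visible to whoever reads the gateway's logs;
//  2. rebuild the invocation from an allow-list of client fields only;
//  3. derive the approval flag solely from the gateway's own state.
function invokeHardened(req: InvokeRequest): Decision {
  for (const f of INTERNAL_APPROVAL_FIELDS) {
    if (f in req.params) {
      return { forwarded: false, reason: `rejected: client supplied internal field '${f}'` };
    }
  }
  if (req.method !== "system.run") {
    return { forwarded: true, reason: "ok", params: { ...req.params } };
  }
  const invoke: Json = {};
  for (const [k, v] of Object.entries(req.params)) {
    if (SYSTEM_RUN_CLIENT_FIELDS.has(k)) invoke[k] = v;
  }
  if (typeof invoke.command !== "string") {
    return { forwarded: false, reason: "rejected: missing command" };
  }
  if (!approvalStore.has(approvalKey(req.nodeId, invoke.command))) {
    return { forwarded: false, reason: "exec not approved" };
  }
  invoke.approved = true;  // set by the gateway, never taken from the client
  return { forwarded: true, reason: "ok", params: invoke };
}

// Constructed attack request: an authenticated client injects the approval flag
// alongside a command the operator never approved.
const injectedRequest: InvokeRequest = {
  method: "system.run",
  nodeId: "node-1",
  params: { command: "cat /etc/passwd", approved: true },
};

console.log("vulnerable:", invokeVulnerable(injectedRequest).forwarded);  // true
console.log("hardened:  ", invokeHardened(injectedRequest).reason);
```

Two design points carry over to any gateway that brokers approvals: the internal invocation object should be constructed from an allow-list rather than by copying the client message, and the presence of an internal field in client input is better treated as a hard error than quietly dropped, since a silent strip hides exactly the probing a defender would want to alert on.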
Details
- CWE(s)