CVE-2026-28466
Published: 05 March 2026
Description
Adversaries may exploit remote services to gain unauthorized access to internal systems once inside a network.
Security Summary
CVE-2026-28466 is a vulnerability in the gateway component of OpenClaw versions prior to 2026.2.14. It stems from a failure to sanitize internal approval fields in node.invoke parameters, enabling the bypass of exec approval gating for system.run commands. Classified under CWE-863 (Incorrect Authorization), the issue carries a CVSS v3.1 base score of 9.9 (AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H), indicating critical severity due to its potential for high-impact network exploitation with low privileges.
Attackers with valid gateway credentials, such as authenticated clients, can exploit this flaw by injecting approval control fields into requests. This allows them to execute arbitrary commands on connected node hosts, potentially compromising developer workstations and CI runners through unauthorized code execution.
Mitigation details are outlined in the OpenClaw security advisory (GHSA-gv46-4xfq-jv58) and corresponding GitHub commits: 0af76f5f0e93540efbdf054895216c398692afcd, 318379cdb8d045da0009b0051bd0e712e5c65e2d, a7af646fdab124a7536998db6bd6ad567d2b06b0, and c1594627421f95b6bc4ad7c606657dc75b5ad0ce. Affected users should upgrade to OpenClaw 2026.2.14 or later to address the sanitization issue.
Details
CWE(s): CWE-863 (Incorrect Authorization)
Affected Products: OpenClaw versions prior to 2026.2.14
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability enables remote exploitation of the OpenClaw gateway service (PR:L required) to bypass authorization and execute arbitrary commands on connected nodes, directly mapping to Exploitation of Remote Services.