
CVE Reports

Originally published at cvereports.com

GHSA-4GC7-QCVF-38WG: CVE-2026-28363: Remote Code Execution in OpenClaw via Argument Injection


Vulnerability ID: GHSA-4GC7-QCVF-38WG
CVSS Score: 9.9
Published: 2026-03-03

A critical remote code execution vulnerability exists in the OpenClaw automation platform (versions prior to 2026.2.23). The flaw resides in the 'safe-bin' allowlist validation logic, which fails to account for GNU long-option abbreviations when sanitizing command-line arguments. Low-privileged authenticated users can exploit this by supplying abbreviated flags (e.g., '--compress-p' instead of '--compress-program') to the 'sort' utility. Because the filter compares the literal flag string, the abbreviation does not match the denied entry, while GNU option parsing still expands any unambiguous prefix to the full option. The dangerous directive therefore reaches the underlying binary unfiltered, allowing the execution of arbitrary system commands.
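As an added example (not OpenClaw's code), the validator below applies the GNU prefix rule described above before consulting a denylist, so an abbreviation is judged by the option it resolves to, and it fails closed on unknown or ambiguous abbreviations. The long-option names are GNU sort's real options; the denylist contents and the function names are this example's own assumptions.

```javascript
// Added example (not OpenClaw's code): canonicalize GNU long-option abbreviations
// before consulting a denylist, so "--compress-p" is judged as "--compress-program".
// The option names are real GNU sort long options; which of them are denied is this
// example's own choice.

// Long options of GNU sort (a subset is enough to show the abbreviation rules).
const SORT_LONG_FLAGS = new Set([
  "--compress-program", "--check", "--debug", "--files0-from", "--key",
  "--output", "--parallel", "--reverse", "--stable", "--temporary-directory",
]);

// Options that make sort run a program or touch caller-chosen paths.
const SORT_DENIED_FLAGS = new Set([
  "--compress-program", "--files0-from", "--output", "--temporary-directory",
]);

// Map a possibly abbreviated long option to its full spelling. GNU getopt_long
// accepts any prefix of a long option name that is unambiguous, so the validator
// must apply the same rule. Returns null for unknown or ambiguous prefixes.
function resolveCanonicalLongFlag(flag, knownFlags) {
  if (!flag.startsWith("--")) return null;           // not a long option
  const name = flag.split("=", 1)[0];                // drop an attached "=value"
  if (knownFlags.has(name)) return name;             // spelled out in full
  const matches = [...knownFlags].filter((k) => k.startsWith(name));
  return matches.length === 1 ? matches[0] : null;   // unique prefix or nothing
}

// Decide whether one argument may be passed to sort. Fails closed: a long option
// that cannot be canonicalized is rejected rather than waved through.
function isArgumentAllowed(arg, knownFlags, deniedFlags) {
  if (arg === "--") return true;                     // end-of-options marker
  if (!arg.startsWith("--")) return true;            // short options/positionals: validated elsewhere (not shown)
  const canonical = resolveCanonicalLongFlag(arg, knownFlags);
  if (canonical === null) return false;              // unknown or ambiguous abbreviation
  return !deniedFlags.has(canonical);
}

// Validate a whole argv for the sort safe-bin; returns the first rejected argument, or null.
function firstRejectedArgument(argv) {
  for (const arg of argv) {
    if (!isArgumentAllowed(arg, SORT_LONG_FLAGS, SORT_DENIED_FLAGS)) return arg;
  }
  return null;
}

console.log(firstRejectedArgument(["--compress-prog=echo", "input.txt"])); // "--compress-prog=echo"
console.log(firstRejectedArgument(["--key=1,1", "--reverse", "input.txt"])); // null
```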

TL;DR

OpenClaw failed to block abbreviated GNU command-line flags. Attackers can bypass the allowlist for the 'sort' command using shortened flags like '--compress-p', leading to authenticated Remote Code Execution (RCE). Fixed in version 2026.2.23.

⚠️ Exploit Status: WEAPONIZED

Technical Details

  • CVE ID: CVE-2026-28363
  • CVSS v3.1: 9.9 (Critical)
  • CWE: CWE-184 (Incomplete List of Disallowed Inputs)
  • Attack Vector: Network (Authenticated)
  • Affected Component: safe-bin validation (sort utility)
  • Exploit Status: PoC Available

Affected Systems

  • OpenClaw Automation Platform
  • OpenClaw: < 2026.2.23 (Fixed in: 2026.2.23)

Code Analysis

Commit: 3b8e330

fix(security): implement GNU flag canonicalization for safe-bin validation

@@ -45,7 +45,15 @@
- if (deniedFlags.has(flag)) {
+ const canonical = resolveCanonicalLongFlag(flag, knownFlags);
+ if (canonical && deniedFlags.has(canonical)) {
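Review bot: the new condition `if (canonical && deniedFlags.has(canonical))` fails open: when `resolveCanonicalLongFlag` returns a falsy value for an abbreviation it cannot resolve (unknown or ambiguous prefix), the denylist lookup is skipped entirely and the argument is passed on. Reject the argument when canonicalization fails, or at minimum keep the original `deniedFlags.has(flag)` check as a fallback. The hunk also does not show whether an attached `=value` is stripped before resolution; since the remediation step's test input is `sort --compress-prog=echo`, confirm that `--compress-prog=echo` canonicalizes to `--compress-program` rather than being treated as an unknown flag.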

Exploit Details

  • CXSecurity: Full Python PoC demonstrating reverse shell injection via sort compression flag.

Mitigation Strategies

  • Update OpenClaw to version 2026.2.23 or later.
  • Restrict access to the tools.exec API endpoint to trusted administrators only.
  • Audit tools.exec.safeBins configuration to remove sort if not strictly required.
  • Run the OpenClaw service with a non-privileged user account to limit blast radius.

Remediation Steps:

  1. Pull the latest container image or source code for OpenClaw (tag v2026.2.23).
  2. Redeploy the application service.
  3. Verify the fix by attempting to run sort --compress-prog=echo via the API; it should be rejected.
  4. Rotate any API tokens or credentials that were active prior to the patch.


Read the full report for GHSA-4GC7-QCVF-38WG on our website for more details including interactive diagrams and full exploit analysis.
