CVE-2026-28460
OpenClaw's system.run allowlist bypass via shell line-continuation command substitution
Description
### Summary

In OpenClaw `system.run` allowlist mode, shell-wrapper analysis could be bypassed by splitting command substitution as `$\\` + newline + `(` (a backslash line continuation between `$` and `(`) inside double quotes. Analysis treated the payload as allowlisted (for example `/bin/echo`), while the shell runtime folded the line continuation back into `$(...)` and executed non-allowlisted subcommands.

### Affected Packages / Versions

- Package: npm `openclaw`
- Latest published affected version: `2026.2.21-2`
- Affected range: `<=2026.2.21-2`
- Patched version (planned next release): `2026.2.22`

### Impact

In deployments that opt into `tools.exec.security=allowlist` (with `ask=on-miss` or `off`), this can bypass approval boundaries and lead to unintended command execution.

### Fix Commit(s)

- `3f0b9dbb36c86e308267924c0d3d4a4e1fc4d1e9`

### Remediation

- Upgrade to `2026.2.22` (or newer) when published.
- Temporary mitigation: set `tools.exec.ask=always` or `tools.exec.security=deny`.

### Release Process Note

`patched_versions` is pre-set to the planned next release `2026.2.22`. After the npm release is out, this advisory should be ready for direct publish without additional metadata edits.

OpenClaw thanks @tdjackey for reporting.
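The root cause described above is an analysis/runtime mismatch: the allowlist checker looked at the raw command text, while a POSIX shell first deletes every unquoted or double-quoted backslash-newline pair before it tokenizes anything. The example below is added here to illustrate that mismatch and the corresponding hardening; it is not OpenClaw's code, and `naiveAnalysis`, `hardenedAnalysis`, `foldLineContinuations`, the `ALLOWLIST` set and the `SAMPLES` inputs are all constructed for this illustration. The hardened check normalizes line continuations the way the shell does (dropping them outside quotes and inside double quotes, keeping them literal inside single quotes) before it searches for substitution markers.

```javascript
// Constructed allowlist for the demonstration (not OpenClaw's configuration).
const ALLOWLIST = new Set(['/bin/echo', '/bin/ls']);

// Markers that mean "a subcommand will run": $( ... ) and backticks.
const SUBSTITUTION = /\$\(|`/;

// Naive analysis: inspects the raw text exactly as submitted.
function naiveAnalysis(cmd) {
  const argv0 = cmd.trim().split(/\s+/)[0];
  return !SUBSTITUTION.test(cmd) && ALLOWLIST.has(argv0);
}

// Fold backslash-newline pairs the way a POSIX shell does during line
// splitting: removed when unquoted or inside double quotes, preserved
// inside single quotes. Other backslash-escaped pairs are kept intact so
// that an escaped backslash before a newline is not treated as a continuation.
function foldLineContinuations(cmd) {
  let out = '';
  let quote = null; // null, "'" or '"'
  for (let i = 0; i < cmd.length; i++) {
    const c = cmd[i];
    if (quote === "'") {
      if (c === "'") quote = null;
      out += c;
      continue;
    }
    if (c === '\\') {
      const next = cmd[i + 1];
      if (next === '\n') { i++; continue; }           // line continuation: drop both
      if (next !== undefined) { out += c + next; i++; continue; } // escaped pair: keep
      out += c;
      continue;
    }
    if (quote === null && (c === "'" || c === '"')) quote = c;
    else if (quote === '"' && c === '"') quote = null;
    out += c;
  }
  return out;
}

// Hardened analysis: normalize first, then apply the same checks.
function hardenedAnalysis(cmd) {
  const folded = foldLineContinuations(cmd);
  const argv0 = folded.trim().split(/\s+/)[0];
  return !SUBSTITUTION.test(folded) && ALLOWLIST.has(argv0);
}

// Constructed sample inputs. `splitSubst` has the shape the advisory
// describes: "$", a backslash, a newline, then "(" inside double quotes.
const SAMPLES = {
  benign: '/bin/echo "hello"',
  obviousSubst: '/bin/echo "$(id)"',
  splitSubst: '/bin/echo "$\\\n(id)"',
  singleQuoted: "/bin/echo '$\\\n(id)'", // literal in single quotes: no substitution
};

// Compare the two analyses on every sample; returns { name: [naive, hardened] }.
function compareAnalyses() {
  const result = {};
  for (const [name, cmd] of Object.entries(SAMPLES)) {
    result[name] = [naiveAnalysis(cmd), hardenedAnalysis(cmd)];
  }
  return result;
}

console.log(compareAnalyses());
```

Run as a script, the comparison shows `splitSubst` approved by the naive check and rejected by the hardened one, while the benign and single-quoted inputs are approved by both. The broader lesson for any allowlist that fronts a shell is to canonicalize the input through the same early lexing steps the shell applies (line continuations, quoting) before making an approval decision, or to avoid invoking a shell wrapper at all.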
How to fix CVE-2026-28460
To remediate CVE-2026-28460, upgrade the affected package to a fixed version below.
- openclaw (npm): upgrade to 2026.2.22 or later
Is CVE-2026-28460 being exploited?
Low — EPSS is 0.0%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- openclaw (npm): all versions < 2026.2.22