CVE-2026-28460

MEDIUM6.0EPSS 0.03%

OpenClaw's system.run allowlist bypass via shell line-continuation command substitution

發布日:2026/3/3修改日:2026/3/19
也稱為:GHSA-9868-vxmx-w862

描述

### Summary In OpenClaw `system.run` allowlist mode, shell-wrapper analysis could be bypassed by splitting command substitution as `$\\` + newline + `(` inside double quotes. Analysis treated the payload as allowlisted (for example `/bin/echo`), while shell runtime folded the line continuation into `$(...)` and executed non-allowlisted subcommands. ### Affected Packages / Versions - Package: npm `openclaw` - Latest published affected version: `2026.2.21-2` - Affected range: `<=2026.2.21-2` - Patched version (planned next release): `2026.2.22` ### Impact In deployments that opt into `tools.exec.security=allowlist` (with `ask=on-miss` or `off`), this can bypass approval boundaries and lead to unintended command execution. ### Fix Commit(s) - `3f0b9dbb36c86e308267924c0d3d4a4e1fc4d1e9` ### Remediation - Upgrade to `2026.2.22` (or newer) when published. - Temporary mitigation: set `tools.exec.ask=always` or `tools.exec.security=deny`. ### Release Process Note `patched_versions` is pre-set to planned next release `2026.2.22`. After npm release is out, this advisory should be ready for direct publish without additional metadata edits. OpenClaw thanks @tdjackey for reporting.

受影響套件(1)

CVSS 分數

來源版本嚴重程度向量
nvdCVSS 4.0MEDIUM6.0CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
nvdCVSS 3.1HIGH8.8CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

參考連結(5)