CVE-2026-28463

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2026-28463
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-28463.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-28463
Aliases
Published
2026-03-05T22:16:19.127Z
Modified
2026-03-13T07:57:33.682772Z
Severity
  • 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
[none]
Details

OpenClaw exec-approvals allowlist validation checks pre-expansion argv tokens but execution uses real shell expansion, allowing safe bins like head, tail, or grep to read arbitrary local files via glob patterns or environment variables. Authorized callers or prompt-injection attacks can exploit this to disclose files readable by the gateway or node process when host execution is enabled in allowlist mode.

References

Affected packages

Git / github.com/openclaw/openclaw

Affected ranges

Type
GIT
Repo
https://github.com/openclaw/openclaw
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
b5ab92eef4e4f6099c98817e0917c99ec9e03045
Fixed
77b89719d5b7e271f48b6f49e334a8b991468c3b
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "2026.2.14"
        }
    ]
}

Affected versions

v0.*
v0.1.0
v0.1.1
v0.1.2
v0.1.3
v1.*
v1.0.4
v1.1.0
v1.2.0
v1.2.1
v1.2.2
v1.3.0
v2.*
v2.0.0-beta1
v2.0.0-beta2
v2.0.0-beta3
v2.0.0-beta4
v2.0.0-beta5
v2026.*
v2026.1.10
v2026.1.11
v2026.1.11-1
v2026.1.11-2
v2026.1.11-3
v2026.1.12
v2026.1.12-2
v2026.1.13
v2026.1.14-1
v2026.1.15
v2026.1.16-2
v2026.1.20
v2026.1.21
v2026.1.22
v2026.1.23
v2026.1.24
v2026.1.24-1
v2026.1.29
v2026.1.30
v2026.1.5
v2026.1.5-1
v2026.1.5-2
v2026.1.5-3
v2026.1.8
v2026.1.9
v2026.2.1
v2026.2.12
v2026.2.13
v2026.2.2
v2026.2.3
v2026.2.6
v2026.2.6-1
v2026.2.6-2
v2026.2.6-3
v2026.2.9

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-28463.json"