GHSA-9868-vxmx-w862
Suggest an improvement- Source
- https://github.com/advisories/GHSA-9868-vxmx-w862
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/03/GHSA-9868-vxmx-w862/GHSA-9868-vxmx-w862.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-9868-vxmx-w862
- Aliases
-
- CVE-2026-28460
- Downstream
- Published
- 2026-03-03T19:53:22Z
- Modified
- 2026-03-19T21:32:42.319997Z
- Summary
- OpenClaw's system.run allowlist bypass via shell line-continuation command substitution
- Details
-
Summary
In OpenClaw
system.runallowlist mode, shell-wrapper analysis could be bypassed by splitting command substitution as$\\+ newline +(inside double quotes. Analysis treated the payload as allowlisted (for example/bin/echo), while shell runtime folded the line continuation into$(...)and executed non-allowlisted subcommands.Affected Packages / Versions
- Package: npm
openclaw - Latest published affected version:
2026.2.21-2 - Affected range:
<=2026.2.21-2 - Patched version (planned next release):
2026.2.22
Impact
In deployments that opt into
tools.exec.security=allowlist(withask=on-missoroff), this can bypass approval boundaries and lead to unintended command execution.Fix Commit(s)
3f0b9dbb36c86e308267924c0d3d4a4e1fc4d1e9
Remediation
- Upgrade to
2026.2.22(or newer) when published. - Temporary mitigation: set
tools.exec.ask=alwaysortools.exec.security=deny.
Release Process Note
patched_versionsis pre-set to planned next release2026.2.22. After npm release is out, this advisory should be ready for direct publish without additional metadata edits.OpenClaw thanks @tdjackey for reporting.
- Package: npm
- Database specific
{ "github_reviewed_at": "2026-03-03T19:53:22Z", "github_reviewed": true, "cwe_ids": [ "CWE-78", "CWE-863" ], "nvd_published_at": null, "severity": "MODERATE" }- References
-
- https://github.com/openclaw/openclaw/security/advisories/GHSA-9868-vxmx-w862
- https://nvd.nist.gov/vuln/detail/CVE-2026-28460
- https://github.com/openclaw/openclaw/commit/3f0b9dbb36c86e308267924c0d3d4a4e1fc4d1e9
- https://github.com/openclaw/openclaw
- https://www.vulncheck.com/advisories/openclaw-allowlist-bypass-via-shell-line-continuation-command-substitution-in-system-run
Affected packages
npm / openclaw
Package
- Name
- openclaw
- View open source insights on deps.dev
- Purl
- pkg:npm/openclaw