Vulnerability Description
OpenClaw versions prior to 2026.2.21 contain an approval-integrity mismatch vulnerability in system.run that allows authenticated operators to execute arbitrary trailing arguments after cmd.exe /c while approval text reflects only a benign command. Attackers can smuggle malicious arguments through cmd.exe /c to achieve local command execution on trusted Windows nodes with mismatched audit logs.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Openclaw | Openclaw | < 2026.2.21 |
Related Weaknesses (CWE)
References
- https://github.com/openclaw/openclaw/commit/6007941f04df1edcca679dd6c95949744fdbPatch
- https://github.com/openclaw/openclaw/security/advisories/GHSA-5v6x-rfc3-7qfrVendor Advisory
- https://www.vulncheck.com/advisories/openclaw-command-injection-via-cmd-exe-c-trThird Party Advisory
FAQ
What is CVE-2026-22168?
CVE-2026-22168 is a vulnerability with a CVSS score of 6.5 (MEDIUM). OpenClaw versions prior to 2026.2.21 contain an approval-integrity mismatch vulnerability in system.run that allows authenticated operators to execute arbitrary trailing arguments after cmd.exe /c whi...
How severe is CVE-2026-22168?
CVE-2026-22168 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2026-22168?
Check the references section above for vendor advisories and patch information. Affected products include: Openclaw Openclaw.