Vulnerability Description
OpenClaw versions prior to 2026.2.14 contain an arbitrary file read vulnerability in the exec-approvals allowlist validation that checks pre-expansion argv tokens but executes using real shell expansion. Attackers with authorization or through prompt-injection attacks can exploit safe binaries like head, tail, or grep with glob patterns or environment variables to disclose files readable by the gateway or node process when host execution is enabled in allowlist mode.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Openclaw | Openclaw | < 2026.2.14 |
Related Weaknesses (CWE)
References
- https://github.com/openclaw/openclaw/commit/77b89719d5b7e271f48b6f49e334a8b99146Patch
- https://github.com/openclaw/openclaw/security/advisories/GHSA-xvhf-x56f-2hppPatchVendor Advisory
- https://www.vulncheck.com/advisories/openclaw-arbitrary-file-read-via-shell-expaThird Party Advisory
FAQ
What is CVE-2026-28463?
CVE-2026-28463 is a vulnerability with a CVSS score of 8.4 (HIGH). OpenClaw versions prior to 2026.2.14 contain an arbitrary file read vulnerability in the exec-approvals allowlist validation that checks pre-expansion argv tokens but executes using real shell expansi...
How severe is CVE-2026-28463?
CVE-2026-28463 has been rated HIGH with a CVSS base score of 8.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2026-28463?
Check the references section above for vendor advisories and patch information. Affected products include: Openclaw Openclaw.