PT-2026-23520

Petr Simecek · Published 2026-02-17 · Updated 2026-03-10

CVE-2026-28391
CVSS v3.1: 9.8 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: OpenClaw versions prior to 2026.2.2

Description: The software does not properly validate Windows cmd.exe metacharacters in allowlist-gated exec requests, potentially allowing attackers to bypass command approval restrictions. Attackers can craft command strings with shell metacharacters like & or %...% to execute unapproved commands beyond the allowlisted operations. The software uses cmd.exe /d /s /c <rawCommand> for executing requests on Windows nodes. The allowlist analysis does not model Windows cmd.exe parsing and metacharacter behavior. The vulnerable code is located in src/infra/node-shell.ts. The fix hardens Windows allowlist enforcement by passing the platform into allowlist analysis, rejecting Windows shell metacharacters, treating cmd.exe invocation as not allowlist-safe on Windows, and avoiding cmd.exe entirely in allowlist mode by executing the parsed argv directly when possible.

Recommendations: Update to version 2026.2.2 or later.
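As an added illustration of the hardening the fix describes (this is not OpenClaw's code and not the patched src/infra/node-shell.ts), the check below makes the allowlist analysis platform-aware: it refuses cmd.exe-specific metacharacters on Windows, refuses cmd.exe itself as the allowlisted program, and hands back a parsed argv so the caller can spawn it directly instead of through cmd.exe /d /s /c. The function names, the whitespace tokenizer and the sample allowlist are assumptions.

```typescript
type Platform = "win32" | "linux" | "darwin";

interface AllowlistDecision {
  allowed: boolean;
  reason: string;
  argv?: string[]; // set only when the caller may spawn the program directly, without a shell
}

// Metacharacters a POSIX-style analysis already refuses (separators, redirection, substitution).
const POSIX_METACHARS = /[&|;<>$`()\r\n]/;
// Characters cmd.exe additionally reinterprets: %var% expansion, ^ escaping,
// and !var! when delayed expansion is enabled. A POSIX-only analysis misses all three.
const WINDOWS_ONLY_METACHARS = /[%^!]/;

// Whitespace tokenizer; a production analyser needs real quoting rules (assumption).
function splitArgv(command: string): string[] {
  return command.trim().split(/\s+/).filter((t) => t.length > 0);
}

// True for "cmd", "cmd.exe" and any path ending in them, case-insensitively.
function isCmdExe(program: string): boolean {
  const base = program.toLowerCase().split(/[\\/]/).pop() ?? "";
  return base === "cmd" || base === "cmd.exe";
}

function analyzeAllowlist(
  command: string,
  platform: Platform,
  allowlist: ReadonlySet<string>,
): AllowlistDecision {
  const argv = splitArgv(command);
  if (argv.length === 0) return { allowed: false, reason: "empty command" };
  if (POSIX_METACHARS.test(command)) {
    return { allowed: false, reason: "shell metacharacter" };
  }
  if (platform === "win32") {
    // Without this branch "echo %PATH%" looks like a harmless echo, but cmd.exe expands it.
    if (WINDOWS_ONLY_METACHARS.test(command)) {
      return { allowed: false, reason: "windows cmd.exe metacharacter" };
    }
    // cmd.exe hands the rest of the line to a parser this analysis does not model,
    // so it is never allowlist-safe even if "cmd.exe" is on the allowlist.
    if (isCmdExe(argv[0])) {
      return { allowed: false, reason: "cmd.exe is not allowlist-safe on windows" };
    }
  }
  if (!allowlist.has(argv[0])) {
    return { allowed: false, reason: `program not allowlisted: ${argv[0]}` };
  }
  // Returning argv lets the caller spawn it directly instead of via cmd.exe /d /s /c.
  return { allowed: true, reason: "ok", argv };
}
```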

Fix

Weakness Enumeration

OS Command Injection
Incomplete List of Disallowed Inputs

Related Identifiers

CVE-2026-28391
GHSA-QJ77-C3C8-9C3Q

Affected Products

Openclaw
Windows