PT-2026-26225 · Openclaw · Openclaw

Tdjackey · Published 2026-02-23 · Updated 2026-04-01 · CVE-2026-28460

CVSS v2.0: 9.0 (High)
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Name of the vulnerable software and affected versions: OpenClaw versions prior to 2026.2.22
Description: The software contains an allowlist bypass in the system.run function. An attacker can execute commands that are not on the allowlist by using shell line-continuation characters to split a command substitution. Specifically, a $ followed by a line continuation (backslash-newline) and an opening parenthesis, placed inside double quotes, is not recognised by the security analysis as the $( that opens a command substitution; the shell, however, removes the line continuation before parsing, reassembles $( and executes the substitution, so the approval boundary is circumvented. The issue affects deployments using tools.exec.security=allowlist with ask=on-miss or ask=off.
Recommendations: Upgrade to version 2026.2.22 or newer once it is published. As a temporary mitigation, set tools.exec.ask=always or tools.exec.security=deny.
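The bypass described above, shown as an added example: this is not OpenClaw's code and not the actual vulnerable function, but a hypothetical allowlist checker that scans the submitted string as-is, beside a hardened one that first deletes backslash-newline pairs the way a POSIX shell lexer does before deciding. The allowlist contents, the BYPASS payload and the function names are constructed for illustration.

```python
import re

# Constructed sample allowlist standing in for an allowlist-mode exec policy;
# the real OpenClaw policy format is not shown on this page. Note that "id"
# is deliberately absent.
ALLOWLIST = {"ls", "cat", "echo", "grep"}

# Markers of command substitution as a naive scanner looks for them in raw text.
SUBSTITUTION = re.compile(r"\$\(|`")
# Anything that could chain or terminate a command after normalization.
CHAINING = re.compile(r"[\n;|&]")


def first_word(cmd: str) -> str:
    """The program name the policy decides on (first whitespace-separated token)."""
    parts = cmd.strip().split()
    return parts[0] if parts else ""


def naive_allows(cmd: str) -> bool:
    """Vulnerable pattern: inspect the string exactly as submitted.

    The sequence '$' '\\' '\n' '(' never contains the literal two characters
    '$(', so this scanner sees an allowlisted 'echo' with a quoted string and
    auto-approves it (the ask=off / ask=on-miss case in the advisory).
    """
    return first_word(cmd) in ALLOWLIST and SUBSTITUTION.search(cmd) is None


def shell_normalize(cmd: str) -> str:
    """Apply the first step of POSIX shell lexing: delete every backslash-newline
    pair. The shell does this even inside double quotes, which is why the split
    '$\\\\n(' is reassembled into '$(' before any quoting rule is applied."""
    return cmd.replace("\\\n", "")


def hardened_allows(cmd: str) -> bool:
    """Hardened pattern: decide on the text the shell will actually parse, and
    fail closed (return False, i.e. fall through to ask/deny) on any expansion
    or chaining metacharacter that survives normalization."""
    norm = shell_normalize(cmd)
    if first_word(norm) not in ALLOWLIST:
        return False
    if SUBSTITUTION.search(norm) or CHAINING.search(norm):
        return False
    return True


# Constructed payload in the shape the advisory describes: '$', a line
# continuation (backslash-newline), then '(' inside double quotes.
# After the shell strips the continuation it reads: echo "$(id)"
BYPASS = 'echo "$\\\n(id)"'

if __name__ == "__main__":
    samples = [("bypass", BYPASS), ("plain", 'echo "$(id)"'), ("benign", "ls -la /tmp")]
    for label, cmd in samples:
        print(f"{label:7} naive={naive_allows(cmd)!s:5} hardened={hardened_allows(cmd)}")
```

To confirm the shell's own reading of the payload, `printf 'echo "$\\\n(id)"\n' | bash` prints the output of `id`, not the literal string. Normalizing before matching closes this particular gap; the more durable design is to decide on a tokenized argv and never hand an unparsed string to a shell, which is also why the advisory's interim mitigation is to prompt on every command (tools.exec.ask=always) rather than to extend the scanner.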

Fix

Weakness Enumeration

OS Command Injection
Incorrect Authorization

Related Identifiers

BDU:2026-05018
CVE-2026-28460
GHSA-9868-VXMX-W862
GHSA-XRGV-34CC-Q765

Affected Products

Openclaw