CVE-2026-28466

Severity: CRITICAL 9.9 · EPSS percentile 33.5%

Description

OpenClaw versions prior to 2026.2.14 contain a vulnerability in the gateway: it fails to sanitize internal approval fields in node.invoke parameters, allowing authenticated clients to bypass exec approval gating for system.run commands. Attackers with valid gateway credentials can inject approval control fields to execute arbitrary commands on connected node hosts, potentially compromising developer workstations and CI runners.

Scoring

CVSS 3.1: 9.9 (CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
EPSS: 0.42% probability of exploitation · percentile 33.5% · 2026-06-18T12:00:27Z
Published: 2026-03-05
Last modified: 2026-03-09

Underlying weaknesses (1)

CWE-863 (Incorrect Authorization)

References

  1. https://github.com/openclaw/openclaw/commit/0af76f5f0e93540efbdf054895216c398692afcd
  2. https://github.com/openclaw/openclaw/commit/318379cdb8d045da0009b0051bd0e712e5c65e2d
  3. https://github.com/openclaw/openclaw/commit/a7af646fdab124a7536998db6bd6ad567d2b06b0
  4. https://github.com/openclaw/openclaw/commit/c1594627421f95b6bc4ad7c606657dc75b5ad0ce
  5. https://github.com/openclaw/openclaw/security/advisories/GHSA-gv46-4xfq-jv58
  6. https://www.vulncheck.com/advisories/openclaw-remote-code-execution-via-node-invoke-approval-bypass

Weakness mapping

Type: Weakness · Target: Incorrect Authorization (cwe-863) · Confidence: 0% · Tier: live

Related by meaning (6)

Nearest entities by semantic similarity across the cs-graph corpus.

  1. CVE-2026-32971
  2. CVE-2026-28473
  3. CVE-2026-22177
  4. CVE-2026-41378
  5. CVE-2026-22168
  6. CVE-2026-42426
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.