Back to CVE List

CVE-2026-28463

HIGH SEVERITY

CVSS Score & Metrics

Base Score
8.4 / 10
Vector String
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Vulnerability Description

OpenClaw exec-approvals allowlist validation checks pre-expansion argv tokens but execution uses real shell expansion, allowing safe bins like head, tail, or grep to read arbitrary local files via glob patterns or environment variables. Authorized callers or prompt-injection attacks can exploit this to disclose files readable by the gateway or node process when host execution is enabled in allowlist mode.

Vulnerability Details

Published Date
Last Modified
CWE ID
CWE-78
Source
NVD
Vendor
OpenClaw
Product
OpenClaw

External References

Discussion (0)

Add Comment

No comments yet. Be the first!