CVE-2026-22168
Received Received - Intake
Approval-Integrity Bypass in OpenClaw system.run Enables Local Command Execution

Publication date: 2026-03-18

Last updated on: 2026-03-19

Assigner: VulnCheck

Description
OpenClaw versions prior to 2026.2.21 contain an approval-integrity mismatch vulnerability in system.run that allows authenticated operators to execute arbitrary trailing arguments after cmd.exe /c while approval text reflects only a benign command. Attackers can smuggle malicious arguments through cmd.exe /c to achieve local command execution on trusted Windows nodes with mismatched audit logs.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-18
Last Modified
2026-03-19
Generated
2026-06-16
AI Q&A
2026-03-18
EPSS Evaluated
2026-06-14
NVD
CVE-2026-22168
EUVD
EUVD-2026-12708
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
openclaw openclaw to 2026.2.21 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-88 The product constructs a string for a command to be executed by a separate component in another control sphere, but it does not properly delimit the intended arguments, options, or switches within that command string.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-22168 is a command injection vulnerability in OpenClaw versions prior to 2026.2.21 affecting the system.run function.

The flaw allows authenticated operators to append arbitrary trailing arguments after the command `cmd.exe /c` even though the approval text only shows a benign command.

This mismatch between the approved command and the actual executed command enables attackers to smuggle malicious arguments, resulting in local command execution on trusted Windows nodes.

Additionally, audit logs reflect only the benign command, causing mismatched audit records and complicating detection.

Impact Analysis

This vulnerability can lead to unauthorized local command execution on trusted Windows nodes by authenticated operators.

Attackers can exploit the approval-integrity mismatch to execute arbitrary commands that were not approved, potentially compromising system integrity.

Because audit logs only record the benign approved command, malicious activity may go undetected, increasing the risk of persistent unauthorized access or system manipulation.

Compliance Impact

I don't know

Detection Guidance

Detection of this vulnerability is challenging because the approval and audit logs only reflect a benign command, while the actual executed command includes additional trailing arguments. This results in mismatched audit logs that do not show the malicious trailing arguments.

To detect exploitation attempts, you should monitor for discrepancies between approved commands and actual command execution, especially commands invoking `cmd.exe /c` with unexpected trailing arguments.

Since the vulnerability involves local command execution on trusted Windows nodes by authenticated operators, you can audit command execution logs and compare them against approval records to identify mismatches.

Specific commands to detect this vulnerability are not provided in the available resources.

Mitigation Strategies

[{'type': 'paragraph', 'content': 'The primary mitigation step is to upgrade OpenClaw to version 2026.2.21 or later, where the vulnerability has been fixed.'}, {'type': 'paragraph', 'content': 'The fix involves refactoring the system.run command execution to enforce strict matching between the approved command text and the actual command executed, preventing trailing-argument smuggling attacks.'}, {'type': 'paragraph', 'content': "Until the upgrade can be applied, restrict or closely monitor authenticated operators' ability to execute commands via system.run, especially commands involving `cmd.exe /c` with trailing arguments."}, {'type': 'paragraph', 'content': 'Review and tighten approval workflows and audit processes to detect and prevent approval-integrity mismatches.'}] [1, 2, 3]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-22168. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart