CVE-2026-28463
Status: Received - Intake
Shell Expansion Injection in OpenClaw exec-approvals Allows Arbitrary File Disclosure

Publication date: 2026-03-05

Last updated on: 2026-04-08

Assigner: VulnCheck

Description
OpenClaw versions prior to 2026.2.14 contain an arbitrary file read vulnerability in the exec-approvals allowlist validation: the allowlist check inspects the pre-expansion argv tokens, but the command is then executed with real shell expansion. Authorized callers, or attackers using prompt injection, can abuse allowlisted binaries such as head, tail, or grep with glob patterns or environment variables to disclose files readable by the gateway or node process when host execution is enabled in allowlist mode.
Meta Information
Published: 2026-03-05
Last Modified: 2026-04-08
Generated: 2026-06-16
AI Q&A: 2026-03-06
EPSS Evaluated: 2026-06-15
References: NVD, EUVD
Affected Vendors & Products (1 associated CPE)
Vendor: openclaw
Product: openclaw
Version / Range: up to 2026.2.14 (excluding)
CWE
CWE-78: The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
Executive Summary

This vulnerability exists in OpenClaw's exec-approvals allowlist validation. The system checks command arguments before shell expansion, but executes them with real shell expansion. This discrepancy allows commands considered safe, such as head, tail, or grep, to be abused to read arbitrary local files via glob patterns or environment variables.

Authorized users or attackers performing prompt-injection can exploit this flaw to disclose files that the gateway or node process can read, but only when host execution is enabled in allowlist mode.
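The check-versus-execute gap described above, as an added illustration that is not OpenClaw's code: a checker that approves literal argv tokens, a simulation of what a shell makes of those tokens, and a hardened check plus a shell-free executor. The function names, the allowlist and the workspace layout are constructed for this example.

```python
# Added example (not OpenClaw's code): why approving literal argv tokens and then
# executing through a shell is unsafe, and one way to close the gap. The function
# names, the allowlist and the workspace layout are constructed for this illustration.
import glob
import os
import shlex
import subprocess
import tempfile
from pathlib import Path

ALLOWED_BINARIES = frozenset({"head", "tail", "grep"})  # constructed allowlist

# Characters a POSIX shell treats specially (globbing, variable and command
# substitution, tilde expansion, quoting, operators). Any of them in a token means
# the shell would run something other than the tokens the checker saw.
SHELL_META = frozenset('*?[]{}$`~\\\'";|&<>()')


def approve_naive(argv):
    """The flawed pattern: approve when the first token is an allowlisted binary,
    without considering what the shell will do to the remaining tokens."""
    return bool(argv) and argv[0] in ALLOWED_BINARIES


def simulate_shell_expansion(argv, cwd):
    """Approximate what /bin/sh would execute for literally approved tokens:
    $VAR references are substituted and glob patterns replaced by every match.
    Simulation only; nothing is executed."""
    executed = [argv[0]]
    for tok in argv[1:]:
        tok = os.path.expandvars(tok)
        matches = glob.glob(os.path.join(cwd, tok))
        if matches:
            executed.extend(sorted(os.path.relpath(m, cwd) for m in matches))
        else:
            executed.append(tok)  # a shell leaves a non-matching glob as-is
    return executed


def approve_strict(argv, workspace):
    """Hardened check: allowlisted binary, no shell metacharacters in any token,
    and every non-option token, read as a path, stays inside the workspace.
    Returns (ok, reason)."""
    if not argv:
        return False, "empty command"
    if argv[0] not in ALLOWED_BINARIES:
        return False, f"binary not allowlisted: {argv[0]!r}"
    root = os.path.realpath(workspace)
    for tok in argv[1:]:
        if any(c in SHELL_META for c in tok):
            return False, f"shell metacharacter in token: {tok!r}"
        if tok.startswith("-"):
            continue  # option flag, not a path
        target = os.path.realpath(os.path.join(root, tok))  # an absolute tok wins the join
        if os.path.commonpath([root, target]) != root:
            return False, f"path escapes workspace: {tok!r}"
    return True, "ok"


def run_approved(argv, workspace):
    """Execute only after the strict check, and never through a shell: argv goes
    to the OS verbatim, so the command approved is exactly the command run."""
    ok, reason = approve_strict(argv, workspace)
    if not ok:
        raise PermissionError(reason)
    return subprocess.run(argv, cwd=workspace, shell=False,
                          capture_output=True, text=True, check=False)


def demonstrate(workspace=None):
    """Build a constructed workspace and return (workspace, approved_view,
    executed_view) for a command line that a token-level checker approves but a
    shell rewrites before running."""
    workspace = workspace or tempfile.mkdtemp(prefix="approvals-demo-")
    notes = Path(workspace, "notes")
    notes.mkdir(parents=True, exist_ok=True)
    for name in ("a.txt", "b.txt"):
        (notes / name).write_text(f"contents of {name}\n")
    approved_view = shlex.split("head ./notes/*.txt")  # tokens the checker sees
    return workspace, approved_view, simulate_shell_expansion(approved_view, workspace)


if __name__ == "__main__":
    ws, seen, executed = demonstrate()
    print("checker saw:   ", seen, "-> naive approval:", approve_naive(seen))
    print("shell executes:", executed)
    print("strict check:  ", approve_strict(seen, ws))
    print("strict accepts:", approve_strict(["head", "-n", "1", "notes/a.txt"], ws))
```

The point of the strict path is not the metacharacter list (which is easy to get wrong) but the executor: passing argv straight to the OS with `shell=False` means no expansion happens at all, so the metacharacter rejection is defence in depth rather than the only barrier. The workspace confinement check catches path escapes that need no shell at all, such as `..` components or absolute paths.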

Impact Analysis

This vulnerability can lead to unauthorized disclosure of local files accessible by the gateway or node process. Attackers or authorized callers can exploit the shell expansion behavior to read sensitive files, potentially exposing confidential information.

Since the vulnerability allows reading arbitrary files, it can compromise confidentiality and integrity, leading to high impact on confidentiality, integrity, and availability as indicated by the CVSS scores.
