Description
In OpenClaw, the exec-approvals allowlist validates the argv tokens of a command before shell expansion, but the command is then executed with real shell expansion. Operands that look harmless to the validator, such as glob patterns or environment-variable references, are rewritten by the shell into real paths, so allowlisted "safe" binaries such as head, tail, or grep can be made to read arbitrary local files. When host execution is enabled in allowlist mode, an authorized caller, or a prompt-injection attack that reaches the execution path, can use this to disclose any file readable by the gateway or node process.
References
- Patch
- Vendor Advisory, Patch
- Third Party Advisory
Vulnerable configurations
Configuration 1: versions before 2026.2.14 (exclusive)
cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*
EPSS
Percentile: 4%
Score: 0.00018
Low
CVSS3: 8.4 High
CVSS3: 5.5 Medium
Weaknesses
CWE-78
Related vulnerabilities
- OpenClaw exec approvals: safeBins could bypass stdin-only constraints via shell expansion (github, CVSS3: 5.7, about 1 month ago)