Platform
nodejs
Component
openclaw
Fixed in
2026.2.14
CVE-2026-28466 is a critical Remote Code Execution (RCE) vulnerability affecting OpenClaw versions up to 2026.2.14. This flaw allows authenticated clients to bypass approval gating mechanisms, enabling the execution of arbitrary commands on connected node hosts. Successful exploitation could lead to significant compromise of developer workstations and CI runners. The vulnerability is fixed in version 2026.2.14.
The impact of CVE-2026-28466 is severe. An attacker with valid gateway credentials can inject approval control fields within node.invoke parameters, effectively bypassing the intended security controls. This allows them to execute arbitrary commands on the connected node hosts. Given OpenClaw's use in developer environments and CI/CD pipelines, a successful exploitation could lead to complete system compromise, data exfiltration, and disruption of development workflows. This vulnerability shares similarities with other command injection flaws where improper sanitization of user-supplied input leads to arbitrary code execution.
CVE-2026-28466 was publicly disclosed on 2026-03-05. The vulnerability's criticality (CVSS 9.9) and the potential for widespread impact suggest a high probability of exploitation. As of this writing, no public proof-of-concept exploit is available, but the ease of exploitation given valid credentials makes it a likely target. It is not currently listed in the CISA KEV catalog.
Development teams using OpenClaw, particularly those with CI/CD pipelines, are at significant risk. Organizations relying on OpenClaw to manage access to sensitive developer workstations and infrastructure are also vulnerable. Shared hosting environments where OpenClaw is deployed could expose multiple users to the risk of compromise.
• linux / server: Monitor OpenClaw logs for unusual node.invoke requests containing suspicious approval control fields. Use journalctl -u openclaw to filter for relevant events:
journalctl -u openclaw | grep 'approval control field'
• generic web: Examine OpenClaw API request logs for patterns indicative of approval field manipulation. Look for requests with unusually long or complex node.invoke parameters.
• other: Review OpenClaw configuration files for any misconfigured approval gating settings that could inadvertently weaken security controls.
disclosure
Exploit status
EPSS
0.10% (28th percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2026-28466 is to immediately upgrade OpenClaw to version 2026.2.14 or later. If an immediate upgrade is not feasible due to compatibility issues or breaking changes, restrict gateway access to trusted users and networks. Implement strict input validation and sanitization on all node.invoke parameters. A WAF rule is unlikely to catch this directly, but monitoring OpenClaw logs for unusual command execution patterns can provide early detection. After upgrading, confirm the fix by attempting to invoke commands through the gateway and verifying that approval gating is enforced.
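The two defensive controls above (gateway-side validation of node.invoke parameters, and log review for approval-field manipulation) as one added example; this is illustrative code, not OpenClaw's, and the approval-control key names, the allowed-key schema, and the log line format are assumptions, since the advisory does not name them.

```javascript
// Added example, not OpenClaw's own code. Assumes node.invoke params arrive as a
// JSON object and that approval state lives server-side under keys like
// "approved" / "approvalToken" / "skipApproval" (hypothetical names; check the
// real schema before reuse).
const APPROVAL_CONTROL_KEYS = new Set(["approved", "approvalToken", "skipApproval"]);

// Gateway-side allowlist: a client may only supply schema-declared keys. Any
// approval-control key, or any unknown key, is rejected outright rather than
// silently stripped, so tampering fails loudly and can be logged.
function validateNodeInvokeParams(params, allowedKeys) {
  if (params === null || typeof params !== "object" || Array.isArray(params)) {
    return { ok: false, reason: "params must be a JSON object" };
  }
  const offending = Object.keys(params).filter(
    (k) => APPROVAL_CONTROL_KEYS.has(k) || !allowedKeys.has(k),
  );
  return offending.length === 0
    ? { ok: true }
    : { ok: false, reason: `unexpected keys: ${offending.join(", ")}` };
}

// Log-side detection: scan one-JSON-object-per-line request logs (constructed
// format) and report node.invoke requests whose params carry approval-control keys.
function findSuspiciousInvokes(logLines) {
  const hits = [];
  for (const line of logLines) {
    let entry;
    try { entry = JSON.parse(line); } catch { continue; } // skip non-JSON lines
    if (entry.method !== "node.invoke") continue;
    if (!entry.params || typeof entry.params !== "object") continue;
    const keys = Object.keys(entry.params).filter((k) => APPROVAL_CONTROL_KEYS.has(k));
    if (keys.length > 0) hits.push({ ts: entry.ts, client: entry.client, keys });
  }
  return hits;
}

// Constructed sample log lines: one benign request, one carrying a client-supplied
// approval field, one malformed line.
const SAMPLE_LOG = [
  '{"ts":"2026-03-05T10:00:00Z","client":"ci-runner-1","method":"node.invoke","params":{"node":"build-01","command":"npm test"}}',
  '{"ts":"2026-03-05T10:00:02Z","client":"dev-laptop","method":"node.invoke","params":{"node":"build-01","command":"whoami","approved":true}}',
  "not json at all",
];
```

Wire validateNodeInvokeParams in before any approval decision is read, and feed findSuspiciousInvokes the gateway's request log to surface past attempts.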
Update OpenClaw to version 2026.2.14 or later. This version fixes the remote code execution approval-bypass vulnerability. The update prevents attackers with valid credentials from executing arbitrary commands on connected nodes.
CVE-2026-28466 is a critical Remote Code Execution vulnerability in OpenClaw versions up to 2026.2.14, allowing attackers to execute arbitrary commands on connected hosts with valid credentials.
You are affected if you are using OpenClaw versions prior to 2026.2.14 and have authenticated users with access to the gateway.
Upgrade OpenClaw to version 2026.2.14 or later. As a temporary workaround, restrict gateway access and carefully audit node.invoke calls.
While no public exploits are currently known, the vulnerability's ease of exploitation suggests a potential for active exploitation.
Refer to the official OpenClaw security advisory for detailed information and updates: [https://github.com/open-claw/open-claw/security/advisories/CVE-2026-28466]