Platform: nodejs
Component: openclaw
Fixed in: 2026.2.23
CVE-2026-28363 describes a critical remote code execution (RCE) vulnerability discovered in OpenClaw, a Node.js tooling library. This flaw allows attackers to bypass validation mechanisms within the tools.exec.safeBins module, potentially leading to arbitrary code execution on affected systems. The vulnerability affects versions prior to 2026.2.23 and has been addressed in the updated release. Prompt patching is strongly recommended.
The core of the vulnerability lies in the insufficient validation of command-line arguments within the tools.exec.safeBins module when operating in allowlist mode. OpenClaw intended to restrict execution to explicitly approved commands, but a flaw in how GNU long-option abbreviations (e.g., --compress-prog instead of --compress-program) were handled allowed attackers to bypass this restriction. By crafting malicious command-line arguments using these abbreviations, an attacker can execute arbitrary commands without triggering the intended approval process. This effectively grants them complete control over the affected system, enabling actions such as data theft, malware installation, and system compromise. The potential blast radius is significant, particularly in environments where OpenClaw is integrated into automated build or deployment pipelines.
CVE-2026-28363 was publicly disclosed on 2026-02-27. There is currently no indication that this vulnerability is being actively exploited in the wild, but its CRITICAL severity and ease of exploitation warrant immediate attention. The vulnerability is not currently listed on the CISA KEV catalog. Public proof-of-concept (POC) code is not yet available, but the vulnerability's nature suggests that a POC is likely to emerge soon. Security researchers should prioritize developing and sharing detection signatures.
Development teams and DevOps engineers using OpenClaw in their Node.js projects are at significant risk. Specifically, projects that rely on OpenClaw for automated build processes, deployment pipelines, or any task involving command-line execution are particularly vulnerable. Shared hosting environments where multiple applications share the same Node.js runtime could also be affected if one application is vulnerable and can impact others.
• nodejs / supply-chain:
Get-Process | Where-Object {$_.ProcessName -like '*openclaw*'} | Select-Object Name, Id, CommandLine
• nodejs / supply-chain:
Get-ScheduledTask | Where-Object {$_.Actions.Path -like '*openclaw*'} | Select-Object TaskName, Actions
• generic web: Inspect Node.js application logs for unusual process executions or command-line arguments containing GNU long-option abbreviations within OpenClaw-related processes.
EPSS: 0.04% (10th percentile)
The primary mitigation for CVE-2026-28363 is to immediately upgrade OpenClaw to version 2026.2.23 or later. If upgrading is not immediately feasible due to compatibility concerns or breaking changes, consider implementing stricter input validation on command-line arguments passed to the tools.exec.safeBins module. Specifically, ensure that the full, unabbreviated command-line options are used and validated against the allowlist. As a temporary workaround, disabling the allowlist mode entirely might reduce the attack surface, but this is not a recommended long-term solution. Monitor system logs for unusual process executions or command-line patterns that might indicate exploitation attempts. After upgrading, confirm the fix by attempting to execute a command using a GNU long-option abbreviation and verifying that it is properly rejected.
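The two paragraphs above describe the bug class (an abbreviated GNU long option that a literal-string check does not recognise but the target binary still honours) and the recommended fix (validate the full, canonical option). The following added example, which is not OpenClaw's own code, models a hypothetical allowlisted tar-like binary whose option --compress-program must be blocked, and shows the naive check beside a canonicalising one; the option names and block list are constructed for illustration.

```javascript
// Long options the hypothetical binary actually understands (constructed list).
const KNOWN_LONG_OPTS = ["--create", "--compress-program", "--file", "--verbose"];

// Options that make the binary spawn another program and must never pass.
const BLOCKED_LONG_OPTS = new Set(["--compress-program"]);

// Vulnerable check: compares the literal token, so "--compress-prog" is not
// found in the block list even though getopt_long expands it to the blocked option.
function naiveAllowed(arg) {
  const name = arg.split("=")[0];
  return !BLOCKED_LONG_OPTS.has(name);
}

// Expand a possibly abbreviated long option the way getopt_long does: an exact
// match wins, otherwise a unique prefix match; ambiguous or unknown names give null.
function canonicalLongOpt(name) {
  if (KNOWN_LONG_OPTS.includes(name)) return name;
  const matches = KNOWN_LONG_OPTS.filter((opt) => opt.startsWith(name));
  return matches.length === 1 ? matches[0] : null;
}

// Hardened check: canonicalise first, then consult the block list, and fail
// closed on anything the binary's parser might resolve differently than we expect.
function hardenedAllowed(arg) {
  if (!arg.startsWith("--") || arg === "--") return true; // positional arg or end-of-options marker
  const name = arg.split("=")[0];
  const canonical = canonicalLongOpt(name);
  if (canonical === null) return false;
  return !BLOCKED_LONG_OPTS.has(canonical);
}

// Apply a per-argument check to a whole argv; one rejected token rejects the command.
function argvAllowed(argv, check) {
  return argv.every(check);
}
```

With the constructed argv ["--create", "--compress-prog=/tmp/x", "src"], naiveAllowed accepts every token while hardenedAllowed rejects the abbreviated option, which is the behaviour the post-upgrade verification step above looks for.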
Update OpenClaw to version 2026.2.23 or later. This version fixes the vulnerability that allows unauthorized command execution through manipulation of abbreviated GNU options in allowlist mode.
CVE-2026-28363 is a critical remote code execution vulnerability in OpenClaw versions before 2026.2.23, allowing attackers to bypass validation and execute arbitrary code.
If you are using OpenClaw versions prior to 2026.2.23, you are vulnerable to this RCE vulnerability.
Upgrade OpenClaw to version 2026.2.23 or later to mitigate the vulnerability. Consider stricter input validation as a temporary workaround.
There is currently no confirmed active exploitation, but the vulnerability's severity and ease of exploitation warrant immediate attention.
Refer to the OpenClaw project's official release notes and security advisories for details on this vulnerability and the fix.