9.9
CVE-2026-28363 · PATCHED
openclaw · openclaw

Description

In OpenClaw before 2026.2.23, tools.exec.safeBins validation for sort could be bypassed via GNU long-option abbreviations (such as --compress-prog) in allowlist mode, leading to approval-free execution paths that were intended to require approval. Only an exact string such as --compress-program was denied.
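
The gap described above, shown as an added example (not OpenClaw's code): an exact-string deny check next to one that resolves GNU long-option abbreviations before deciding. The function names, the `gzip` argument and the long-option table (assumed to mirror GNU sort's) are constructed for illustration.

```python
# Added illustration; not OpenClaw's code. The option table is an assumed copy
# of GNU sort's long options, used only to resolve abbreviations.
SORT_LONG_OPTS = (
    "--batch-size", "--buffer-size", "--check", "--compress-program", "--debug",
    "--dictionary-order", "--field-separator", "--files0-from",
    "--general-numeric-sort", "--help", "--human-numeric-sort", "--ignore-case",
    "--ignore-leading-blanks", "--ignore-nonprinting", "--key", "--merge",
    "--month-sort", "--numeric-sort", "--output", "--parallel", "--random-sort",
    "--random-source", "--reverse", "--sort", "--stable",
    "--temporary-directory", "--unique", "--version", "--version-sort",
    "--zero-terminated",
)
DENIED = {"--compress-program"}  # the option named in the advisory


def exact_match_denied(argv):
    """Pre-fix behaviour as described: only the exact spelling is caught."""
    return any(a.split("=", 1)[0] in DENIED for a in argv[1:])


def resolve(name):
    """Expand a long option the way getopt_long does: an exact match wins,
    otherwise every option sharing the prefix is a candidate."""
    if name in SORT_LONG_OPTS:
        return [name]
    return [o for o in SORT_LONG_OPTS if o.startswith(name)]


def needs_approval(argv):
    """Fail closed on denied, unknown, or ambiguous-with-denied long options."""
    for arg in argv[1:]:
        if arg == "--":  # everything after the terminator is an operand
            return False
        if arg.startswith("--"):
            candidates = resolve(arg.split("=", 1)[0])
            if not candidates or any(c in DENIED for c in candidates):
                return True
    return False
```
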

Affected Products

Vendor: openclaw
Product: openclaw
Versions: < 2026.2.23

References

  • https://github.com/openclaw/openclaw/security/advisories/GHSA-3c6h-g97w-fg78 (Vendor Advisory)

Related News (1 articles)

Tier E
Hacker News · 21h ago
OpenClaw CVE and Security Advisory Tracker
→ No new info (linked only)
CVSS 3.1: 9.9 CRITICAL
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
CISA KEV: ❌ No
Actively exploited: ❌ No
Patch available: 2026.2.23
CWE: CWE-184
Published: Feb 27, 2026
Last enriched: 3d ago
Trending Score: 28
Source articles: 1
Independent: 1
Info Completeness: 9/14
Missing: epss, kev, exploit, iocs, mitre_attack

Related CVEs (5)

HIGH · CVE-2026-34511 · EXP
OpenClaw < 2026.4.2 - PKCE Verifier Exposure via OAuth State Parameter
Trending: 37
NONE · CVE-2026-33579
OpenClaw < 2026.3.28 - Privilege Escalation via Missing Caller Scope Validation in Device Pair Approval
Trending: 36
NONE · CVE-2026-34425 · EXP
OpenClaw - Shell-Bleed Protection Preflight Validation Bypass
Trending: 34
CRITICAL · CVE-2026-30741
A remote code execution (RCE) vulnerability in OpenClaw Agent Platform v2026.2.6 allows attackers to execute arbitrary code via a Request-Side prompt injection attack.
Trending: 28
NONE · CVE-2026-34426
OpenClaw - Approval Bypass via Environment Variable Normalization
Trending: 18

Verification

State: verified
Confidence: 100%

Vulnerability Timeline

CVE Published: Feb 27, 2026
Patch Available: Feb 27, 2026
Discovered by ZDM: Apr 1, 2026