{"dataType": "CVE_RECORD", "cveMetadata": {"cveId": "CVE-2026-28363", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "state": "PUBLISHED", "assignerShortName": "mitre", "dateReserved": "2026-02-27T03:17:37.164Z", "datePublished": "2026-02-27T03:17:37.343Z", "dateUpdated": "2026-02-27T15:47:06.970Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "packageURL": "pkg:npm/openclaw", "product": "OpenClaw", "vendor": "OpenClaw", "versions": [{"lessThan": "2026.2.23", "status": "affected", "version": "0", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "In OpenClaw before 2026.2.23, tools.exec.safeBins validation for sort could be bypassed via GNU long-option abbreviations (such as --compress-prog) in allowlist mode, leading to approval-free execution paths that were intended to require approval. Only an exact string such as --compress-program was denied."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.9, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-184", "description": "CWE-184 Incomplete List of Disallowed Inputs", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-02-27T03:23:43.320Z"}, "references": [{"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-3c6h-g97w-fg78"}], "x_generator": {"engine": "CVE-Request-form 0.0.1"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-02-27T15:46:57.276801Z", "id": "CVE-2026-28363", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-27T15:47:06.970Z"}}]}, "dataVersion": "5.2"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-28363", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-02-27T15:46:57.276801Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-27T15:47:03.257Z"}}], "cna": {"metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 9.9, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "OpenClaw", "product": "OpenClaw", "versions": [{"status": "affected", "version": "0", "lessThan": "2026.2.23", "versionType": "custom"}], "packageURL": "pkg:npm/openclaw", "defaultStatus": "unaffected"}], "references": [{"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-3c6h-g97w-fg78"}], "x_generator": {"engine": "CVE-Request-form 0.0.1"}, "descriptions": [{"lang": "en", "value": "In OpenClaw before 2026.2.23, tools.exec.safeBins validation for sort could be bypassed via GNU long-option abbreviations (such as --compress-prog) in allowlist mode, leading to approval-free execution paths that were intended to require approval. Only an exact string such as --compress-program was denied."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-184", "description": "CWE-184 Incomplete List of Disallowed Inputs"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-02-27T03:23:43.320Z"}}}, "cveMetadata": {"cveId": "CVE-2026-28363", "state": "PUBLISHED", "dateUpdated": "2026-02-27T15:47:06.970Z", "dateReserved": "2026-02-27T03:17:37.164Z", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2026-02-27T03:17:37.343Z", "assignerShortName": "mitre"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*", "matchCriteriaId": "19EDA1E2-F0D6-44F4-A333-C32DCE286DA6", "versionEndExcluding": "2026.2.23", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In OpenClaw before 2026.2.23, tools.exec.safeBins validation for sort could be bypassed via GNU long-option abbreviations (such as --compress-prog) in allowlist mode, leading to approval-free execution paths that were intended to require approval. Only an exact string such as --compress-program was denied."}, {"lang": "es", "value": "En OpenClaw antes de 2026.2.23, la validaci\u00f3n de tools.exec.safeBins para sort podr\u00eda ser eludida a trav\u00e9s de abreviaturas de opciones largas de GNU (como --compress-prog) en modo de lista de permitidos, lo que llevaba a rutas de ejecuci\u00f3n sin aprobaci\u00f3n que estaban destinadas a requerir aprobaci\u00f3n. Solo una cadena exacta como --compress-program era denegada."}], "id": "CVE-2026-28363", "lastModified": "2026-02-27T19:13:57.257", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.9, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.1, "impactScore": 6.0, "source": "cve@mitre.org", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2026-02-27T04:16:03.227", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-3c6h-g97w-fg78"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-184"}], "source": "cve@mitre.org", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,2026.2.23)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "OpenClaw", "source": "cna", "vendor": "OpenClaw"}, "product": "openclaw", "vendor": "openclaw"}], "analysis": {"en": {"generated_at": "2026-04-18T10:18:04.039318+00:00", "value": {"mitigation_remediation": ["Upgrade to OpenClaw 2026.2.23 or later to obtain the validated safeBins logic.", "Reconfigure the OpenClaw sort command to enforce strict option names, ensuring that only fully-qualified option strings such as --compress-program are accepted and that abbreviations are rejected.", "Audit and, if possible, disable the allowlist mode for sort or implement additional checks that prevent unapproved options from being executed."], "summary": {"action": "Immediate Patch", "impact": "Command Execution via Untyped SafeBins Validation Bypass"}, "threat_synthesis": {"affected_systems": "All instances of OpenClaw before the 2026.2.23 release are affected. This includes any deployment that uses the OpenClaw sort tool without updated version enforcement. No specific operating system or platform filtering is mentioned; the issue exists wherever the unsafe safeBins validation is active.", "description_and_impact": "OpenClaw\u2019s sort command validates executables using a safeBins allowlist. Prior to version 2026.2.23, a bypass was possible by supplying GNU long-option abbreviations that matched allowed patterns, such as --compress-prog, while the exact string --compress-program was correctly denied. This flaw allowed users to trigger execution paths that should have required explicit approval, effectively enabling arbitrary command execution through the sort interface. The core weakness is a CWE-184 type flaw where option values are not fully validated, leading to command injection vulnerabilities.", "risk_and_exploitability": "The CVSS score of 9.9 indicates critical severity, and the EPSS score of < 1% suggests low current exploitation probability, likely due to the need for user interaction or privileged access to provide the offending option. The vulnerability is not listed in the CISA KEV catalog. The likely attack vector is local or within the scope of users who can invoke the OpenClaw sort command with arbitrary arguments. An attacker would need to supply a long-option abbreviation that matches the safeBins allowlist but bypasses the exact match required for approval. If successful, unrestricted options would be executed, potentially compromising system confidentiality, integrity, and availability."}}}}, "created": "2026-02-27T09:06:58.467028+00:00", "title": "Unsafe SafeBins Validation in OpenClaw Sort Enables Execution of Unapproved Commands", "updated": "2026-04-18T10:30:35.752178+00:00", "vendors": ["openclaw", "openclaw$PRODUCT$openclaw"]}