CVE-2026-28470 — AI Deep Analysis Summary

🚨 **Essence**: OpenClaw suffers from **Parameter Injection** via command substitution. 📉 **Consequences**: Attackers bypass the approved allowlist to execute **arbitrary commands** on the system.…

🛡️ **Root Cause**: **CWE-78** (OS Command Injection). The flaw lies in how the system handles **command substitution within double quotes**, allowing malicious syntax to slip past the allowlist checks. 🐛

👥 **Affected**: Users of **OpenClaw** (the open-source AI assistant). 📅 **Versions**: All versions **prior to 2026.2.2**. If you are running an older build, you are vulnerable. ⚠️

💻 **Capabilities**: Hackers gain **Remote Code Execution (RCE)**. 🗝️ They can achieve **High Confidentiality, Integrity, and Availability** loss. Essentially, full system control is possible without authentication. 🔓

📊 **Threshold**: **LOW**. 🚫 **Auth**: None required (PR:N). 🌐 **Network**: Remote (AV:N). 🖱️ **User Interaction**: None needed (UI:N). This is a high-severity, easy-to-exploit vulnerability. 🎯

🔍 **Exploit Status**: No specific PoC code is listed in the data (POCs: []). However, the vulnerability mechanism (command substitution bypass) is well-documented in the advisory.…

🔎 **Self-Check**: Verify your OpenClaw version. 📝 Look for usage of **command substitution inside double quotes** in your configuration or inputs.…

✅ **Fix Status**: **YES**. The vendor has released a patch. 📦 **Target Version**: Upgrade to **OpenClaw 2026.2.2** or later. 🔄 See the GitHub Security Advisory (GHSA-3hcm-ggvf-rch5) for details. 📄

🚧 **No Patch?**: If you cannot upgrade immediately, strictly **sanitize inputs** to prevent command substitution characters. 🚫 Disable any features allowing direct command execution via user input.…

🔥 **Urgency**: **CRITICAL**. 🚨 With a CVSS score of 9.8 and no auth required, this is a top-priority fix. 🏃‍♂️ Patch immediately to prevent remote code execution. ⏳ Time is of the essence! ⏰