OpenClaw versions prior to 2026.2.2 fail to properly validate Windows cmd.exe metacharacters in allowlist-gated exec requests (non-default configuration), allowing attackers to bypass command approval restrictions. Remote attackers can craft command strings with shell metacharacters like & or %...% to execute unapproved commands beyond the allowlisted operations.
Attack Parameters
Attack Vector
Network
Can be exploited remotely
Attack Complexity
Low
Easy to exploit
Attack Requirements
Present
Additional conditions required
Privileges Required
None
No privileges needed
User Interaction
None
No user interaction needed
Impact Assessment
Confidentiality
High
Complete data leak
Integrity
High
Complete data modification
Availability
High
Complete denial of service
CVSS Vector v4.0
References 3
https://github.com/openclaw/openclaw/commit/a7f4a53ce80c98ba1452eb90802d447fca9…
disclosure@vulncheck.com
https://github.com/openclaw/openclaw/security/advisories/GHSA-qj77-c3c8-9c3q
disclosure@vulncheck.com
https://www.vulncheck.com/advisories/openclaw-command-injection-via-cmdexe-pars…
disclosure@vulncheck.com