Description
OpenClaw versions prior to 2026.2.21 contain an approval-integrity mismatch vulnerability in system.run that allows authenticated operators to execute arbitrary trailing arguments after cmd.exe /c while approval text reflects only a benign command. Attackers can smuggle malicious arguments through cmd.exe /c to achieve local command execution on trusted Windows nodes with mismatched audit logs.
Published: 2026-03-18
Score: 7.1 High
EPSS: < 1% Very Low
KEV: No
Impact: Local Command Execution
Action: Immediate Patch
AI Analysis

Impact

OpenClaw versions prior to 2026.2.21 contain an approval‑integrity mismatch in the system.run function that allows authenticated operators to inject arbitrary trailing arguments into the cmd.exe /c command. The approval text logs only a benign command, while the actual command executed includes malicious arguments, enabling local command execution on trusted Windows nodes. The vulnerability is a classic command injection flaw (CWE‑88) and can be used to compromise the integrity and availability of the affected system.

Affected Systems

Vendor: OpenClaw; Product: OpenClaw; Affected releases: all versions before 2026.2.21.

Risk and Exploitability

The CVSS score is 7.1 (High). An EPSS score is not available, and the vulnerability is not listed in CISA’s KEV catalog. Exploitation requires an authenticated operator with access to system.run, thus it is a local attack vector. An attacker can execute arbitrary commands with the privileges of the operator, potentially compromising system integrity or availability. The risk is moderate to high for trusted environments that grant operators this access.

Generated by OpenCVE AI on March 18, 2026 at 03:51 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade OpenClaw to version 2026.2.21 or later.

Generated by OpenCVE AI on March 18, 2026 at 03:51 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Github GHSA Github GHSA GHSA-5v6x-rfc3-7qfr OpenClaw has Windows system.run approval mismatch on cmd.exe /c trailing arguments
History

Wed, 18 Mar 2026 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 18 Mar 2026 02:15:00 +0000

Type Values Removed Values Added
Description OpenClaw versions prior to 2026.2.21 contain an approval-integrity mismatch vulnerability in system.run that allows authenticated operators to execute arbitrary trailing arguments after cmd.exe /c while approval text reflects only a benign command. Attackers can smuggle malicious arguments through cmd.exe /c to achieve local command execution on trusted Windows nodes with mismatched audit logs.
Title OpenClaw < 2026.2.21 - Command Injection via cmd.exe /c Trailing Arguments in system.run
First Time appeared Openclaw
Openclaw openclaw
Weaknesses CWE-88
CPEs cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*
Vendors & Products Openclaw
Openclaw openclaw
References
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N'}

cvssV4_0

{'score': 7.1, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N'}

Subscriptions

Openclaw Openclaw
cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-03-18T14:06:48.407Z

Reserved: 2026-01-06T16:47:17.176Z

Link: CVE-2026-22168

cve-icon Vulnrichment

Updated: 2026-03-18T14:06:44.802Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-18T02:16:20.680

Modified: 2026-03-19T14:48:09.740

Link: CVE-2026-22168

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-24T10:53:47Z

Weaknesses