Description
OpenClaw versions prior to 2026.2.14 contain a vulnerability in the gateway in which it fails to sanitize internal approval fields in node.invoke parameters, allowing authenticated clients to bypass exec approval gating for system.run commands. Attackers with valid gateway credentials can inject approval control fields to execute arbitrary commands on connected node hosts, potentially compromising developer workstations and CI runners.
Published: 2026-03-05
Score: 9.4 Critical
EPSS: < 1% Very Low
KEV: No
Impact: Remote Code Execution
Action: Immediate Patch
AI Analysis

Impact

OpenClaw versions earlier than 2026.2.14 contain a flaw in the gateway that fails to sanitize internal approval fields in node.invoke parameters. The bug permits authenticated clients to inject approval control fields, bypassing the exec approval gate for system.run commands. This vulnerability can be exploited to run arbitrary commands on node hosts, compromising both developer workstations and continuous integration runners. The weakness is a failure to enforce authorization checks, classified as CWE-863 (Incorrect Authorization).

Affected Systems

The affected component is the gateway of the OpenClaw product; every release prior to 2026.2.14 is vulnerable. The gateway runs on Node.js and drives connected node hosts through node.invoke calls. The product documentation does not specify a separate Node.js version, so the vulnerability is present in all affected OpenClaw releases regardless of the Node.js runtime version.

Risk and Exploitability

The vulnerability carries a CVSS score of 9.4 (critical). Its EPSS score is below 1%, which suggests a low probability of exploitation at present, and it is not listed in the KEV catalog; neither fact reduces the risk to exposed systems. Exploitation requires valid gateway credentials and the ability to send node.invoke requests carrying crafted approval fields. Once authenticated, an attacker can override the approval check and execute arbitrary code on any connected node host.

Generated by OpenCVE AI on April 16, 2026 at 12:01 UTC.

Remediation

No vendor fix or workaround is currently provided.

OpenCVE Recommended Actions

  • Upgrade OpenClaw to version 2026.2.14 or later, which includes the fix that properly sanitizes approval fields in node.invoke parameters.
  • Restrict gateway user accounts to the minimum necessary permissions and audit existing credentials to ensure no privileged accounts are compromised.
  • Disable or tightly restrict node.invoke functionality from untrusted clients, or enforce strict validation of approval fields before execution.


Advisories
Source: GitHub GHSA
ID: GHSA-gv46-4xfq-jv58
Title: OpenClaw Vulnerable to Remote Code Execution via Node Invoke Approval Bypass in Gateway
History

Mon, 09 Mar 2026 18:15:00 +0000

  Type: Metrics
    Values Added:   ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 06 Mar 2026 16:45:00 +0000

  Type: Metrics
    Values Removed: cvssV3_1 {'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}
    Values Added:   cvssV3_1 {'score': 9.9, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H'}

Thu, 05 Mar 2026 22:15:00 +0000

  Type: Description
    Values Added:   OpenClaw versions prior to 2026.2.14 contain a vulnerability in the gateway in which it fails to sanitize internal approval fields in node.invoke parameters, allowing authenticated clients to bypass exec approval gating for system.run commands. Attackers with valid gateway credentials can inject approval control fields to execute arbitrary commands on connected node hosts, potentially compromising developer workstations and CI runners.
  Type: Title
    Values Added:   OpenClaw < 2026.2.14 - Remote Code Execution via Node Invoke Approval Bypass
  Type: First Time appeared
    Values Added:   Openclaw; Openclaw openclaw
  Type: Weaknesses
    Values Added:   CWE-863
  Type: CPEs
    Values Added:   cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*
  Type: Vendors & Products
    Values Added:   Openclaw; Openclaw openclaw
  Type: References
  Type: Metrics
    Values Added:   cvssV3_1 {'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}
                    cvssV4_0 {'score': 9.4, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H'}

MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-03-09T17:53:00.701Z

Reserved: 2026-02-27T19:18:50.053Z

Link: CVE-2026-28466

Vulnrichment

Updated: 2026-03-09T17:52:55.365Z

NVD

Status: Analyzed

Published: 2026-03-05T22:16:19.790

Modified: 2026-03-09T15:30:16.490

Link: CVE-2026-28466

Red Hat

No data.

OpenCVE Enrichment

Updated: 2026-04-16T12:15:35Z

Weaknesses