CVE•Published 2026-03-05•Modified 2026-04-08•1 article on news•5 live references•NVD data
CVE-2026-28463Openclaw · Openclaw
Vulnerability data via NVD (ingested)
CVSS v3.1
8.4
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS percentile
—
Weaknesses (CWE)
Description
OpenClaw versions prior to 2026.2.14 contain an arbitrary file read vulnerability in the exec-approvals allowlist validation that checks pre-expansion argv tokens but executes using real shell expansion. Attackers with authorization or through prompt-injection attacks can exploit safe binaries like head, tail, or grep with glob patterns or environment variables to disclose files readable by the gateway or node process when host execution is enabled in allowlist mode.
Timeline
Published 2026-03-05
Modified 2026-04-08
External references
Search for exposed instances
Shodan + Censys queries derived from NVD's CPE data. The vuln tag catches assets Shodan has explicitly linked to this CVE; the product / banner fingerprints find exposed instances even when the vuln tag was never applied (which is common).
Shodan · vuln tag0 hosts
vuln:CVE-2026-28463Hosts Shodan has explicitly fingerprinted as vulnerable.
Shodan · product
product:"Openclaw Openclaw"All exposed Openclaw Openclaw instances — cross-reference with the CVE's affected-version range.
Shodan · banner/body mention
http.html:"Openclaw"HTTP body or banner mentions "Openclaw" — catches deploys Shodan didn't identify as a product.
More intel sources (5)
Shodan report
vuln:CVE-2026-28463Country / ASN / product breakdown for the vuln query.
Censys
vulnerabilities.cve_id: CVE-2026-28463Censys host search filtered to this CVE id.
grep.app
CVE-2026-28463Public source-code mentions — fast PoC discovery.
GitHub code
CVE-2026-28463GitHub code search for direct mentions.
Google dork
"CVE-2026-28463" exploit -site:nvd.nist.govWrite-ups and news, NVD excluded.
Known PoCs on GitHub (5)
CVE-2026-284635 repos
cclank/Hermes-Wikiunknown
Hermes agent + LLM Wiki + 源代码 完成 Hermes agent wiki
adibirzu/openclaw-security-monitorShell
Proactive security monitoring for OpenClaw deployments. Detects ClawHavoc, AMOS stealer, CVE-2026-25253, memory poisoning, and supply chain attacks.
wooluo/openclaw-securityPython
全面的安全防护套件,为OpenClaw AI助手提供企业级安全保护
tttturtle-russ/clawsanGo
NiNiyas/awesome-starsunknown
Made with https://github.com/NiNiyas/starred