Description

In OpenClaw before 2026.2.23, tools.exec.safeBins validation for sort could be bypassed via GNU long-option abbreviations (such as --compress-prog) in allowlist mode, leading to approval-free execution paths that were intended to require approval. Only an exact string such as --compress-program was denied.

INFO

Published Date :

2026-02-27T03:17:37.343Z

Last Modified :

2026-02-27T15:47:06.970Z

Source :

mitre
AFFECTED PRODUCTS

The following products are affected by CVE-2026-28363 vulnerability.

Vendors Products
Openclaw
  • Openclaw
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-28363.

URL Resource
https://github.com/openclaw/openclaw/security/advisories/GHSA-3c6h-g97w-fg78 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact