CRITICAL 9.8
GHSA-3hcm-ggvf-rch5
OpenClaw has an exec allowlist bypass via command substitution/backticks inside double quotes
Details
### Summary
Exec approvals allowlist bypass via command substitution/backticks inside double quotes.
### Affected Packages / Versions
- Package: `openclaw` (npm)
- Affected: `<= 2026.2.1`
- Fixed: `>= 2026.2.2`
### Impact
Only affects setups that explicitly enable the optional exec approvals allowlist feature. Default installs are unaffected. In affected setups, a command whose leading word is allowlisted can carry an unescaped `$()` or backtick command substitution inside double quotes; the allowlist analysis accepted it, but the shell still expands the substitution, so a command that was never approved runs under the allowlisted command's approval.
### Fix
Reject unescaped `$()` and backticks inside double quotes during allowlist analysis.
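The check below is an added illustration of that fix, not OpenClaw's own code: a simplified, hypothetical allowlist that keys on the leading word of the command, shown first in the naive form that only inspects that word, then with a quote-aware scan that rejects any unescaped `$(` or backtick before the allowlist is consulted. The allowlist contents, function names and sample commands are all assumptions for the example. Note the shell semantics the scan encodes: single quotes suppress all expansion, double quotes do not suppress `$()` or backticks, and a backslash escape neutralizes the character after it.

```javascript
// Added example, not OpenClaw's code. Hypothetical allowlist: the first word of
// the command must be one of these binaries.
const ALLOWED = new Set(["ls", "cat", "echo"]);

// Naive check: only looks at the leading word and treats the rest as arguments.
// The shell expands $(...) and `...` inside double quotes before the allowlisted
// binary ever runs, so `echo "$(id)"` passes this check and still executes `id`.
function naiveAllowlistCheck(cmd) {
  const first = cmd.trim().split(/\s+/)[0];
  return ALLOWED.has(first);
}

// Scan the command the way a POSIX shell tokenizes quotes and report the first
// unescaped command substitution that would still be expanded. Returns null when
// none is present, otherwise { kind, index, quoted }.
function findCommandSubstitution(cmd) {
  let inSingle = false; // inside '...': nothing is expanded
  let inDouble = false; // inside "...": $() and `` are still expanded
  for (let i = 0; i < cmd.length; i++) {
    const c = cmd[i];
    if (inSingle) {
      if (c === "'") inSingle = false;
      continue;
    }
    if (c === "\\") {
      // Backslash escapes the following character (outside single quotes).
      // Inside double quotes it only escapes $ ` " \ and newline, but $ and `
      // are exactly the characters we care about, so skipping the next one is
      // the conservative choice: a literal "\a" is harmless to skip.
      i++;
      continue;
    }
    if (inDouble) {
      if (c === '"') inDouble = false;
    } else if (c === "'") {
      inSingle = true;
      continue;
    } else if (c === '"') {
      inDouble = true;
      continue;
    }
    if (c === "`") return { kind: "backtick", index: i, quoted: inDouble };
    // Also catches $((...)) arithmetic expansion, which is rejected on purpose.
    if (c === "$" && cmd[i + 1] === "(") return { kind: "$(", index: i, quoted: inDouble };
  }
  return null;
}

// Hardened check: refuse any command carrying an unescaped substitution,
// whether bare or inside double quotes, before consulting the allowlist.
function hardenedAllowlistCheck(cmd) {
  if (findCommandSubstitution(cmd) !== null) return false;
  return naiveAllowlistCheck(cmd);
}

// Constructed sample commands for a quick demonstration.
for (const cmd of ['echo "$(id)"', 'echo "`id`"', "echo '$(id)'", 'echo "\\$(id)"']) {
  console.log(JSON.stringify(cmd), "naive:", naiveAllowlistCheck(cmd), "hardened:", hardenedAllowlistCheck(cmd));
}
```

The single-quoted and backslash-escaped forms are accepted because the shell will not expand them; everything the scan flags would be expanded. A production implementation should be built on a real shell parser rather than this character scan, but the quoting rules it enforces are the ones the fix relies on.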
### Fix Commit(s)
- d1ecb46076145deb188abcba8f0699709ea17198
Thanks @simecek for reporting.
References
- https://github.com/openclaw/openclaw/security/advisories/GHSA-3hcm-ggvf-rch5 [WEB]
- https://nvd.nist.gov/vuln/detail/CVE-2026-28470 [ADVISORY]
- https://github.com/openclaw/openclaw/commit/d1ecb46076145deb188abcba8f0699709ea17198 [WEB]
- https://github.com/openclaw/openclaw [PACKAGE]
- https://github.com/openclaw/openclaw/releases/tag/v2026.2.2 [WEB]
- https://www.vulncheck.com/advisories/openclaw-exec-allowlist-bypass-via-command-substitution-in-double-quotes [WEB]