CVE-2026-22168 in OpenClaw

Summary

by MITRE • 03/18/2026

OpenClaw versions prior to 2026.2.21 contain an approval-integrity mismatch vulnerability in system.run that allows authenticated operators to execute arbitrary trailing arguments after cmd.exe /c while approval text reflects only a benign command. Attackers can smuggle malicious arguments through cmd.exe /c to achieve local command execution on trusted Windows nodes with mismatched audit logs.


Analysis

by VulDB Data Team • 03/22/2026

CVE-2026-22168 is an approval-integrity mismatch flaw in OpenClaw versions prior to 2026.2.21, specifically in the system.run functionality. The text presented for approval does not match the command line that is actually executed, so an authenticated operator can have a request approved on the strength of a benign-looking command while the Windows command processor runs more than what was shown.

The flaw lies in how system.run builds and presents commands that run through cmd.exe /c. The approval text reflects only the benign leading command, while trailing arguments appended after it are passed straight through to cmd.exe and appear in neither the approval prompt nor the audit log. This matters because cmd.exe /c treats everything after /c as the command string, including the separators & , && and | that chain commands, so a "trailing argument" can be an entirely separate command rather than an extra parameter to the approved one. The approval therefore validates a command the approver never sees in full, and whatever follows it executes with the privileges of the trusted operator.

The impact is local command execution by an authenticated operator on Windows nodes that trust the OpenClaw system. Because the audit log records the approved text rather than the executed command line, administrators reviewing it see only benign commands and the malicious activity goes unnoticed. This weighs most heavily in environments where OpenClaw manages Windows nodes and the approval workflow is relied on as the control against unauthorized command execution. Exploitation requires an authenticated operator account but no elevated system privileges, so the exposure scales with how much access operator accounts already hold.

The control undermined is the audit trail itself: the log does not represent the full scope of what was executed. The weaknesses mapped to this issue are CWE-284 (improper access control), CWE-250 (execution with unnecessary privileges) and CWE-117 (improper output neutralization for logs). In ATT&CK terms the execution maps to T1059 (Command and Scripting Interpreter), since the attacker rides a legitimate approval to reach the Windows command interpreter. Organizations using OpenClaw should update to version 2026.2.21 or later. Until then, treat the approval text as unreliable: validate and log the complete command line that will reach cmd.exe, surfacing or rejecting separators and trailing arguments, and reconcile approval records against endpoint process-creation logging, which captures the command line as actually launched. Network segmentation and privileged access management should also be strengthened so that a compromised or malicious operator account reaches as little as possible.
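To make the mismatch concrete, and to show what the mitigations above look like in code, here is an added example that is not OpenClaw's code and does not claim to reproduce its system.run implementation. The function and log names are hypothetical, and the sample requests and log entries are constructed for this page. It contrasts an approval/audit summary that keys on the first token after cmd.exe /c with the command string cmd.exe actually receives, shows a hardened variant that approves and logs the full command line and refuses chained commands, and reconciles an approval log against a process-creation log to find exactly the kind of mismatched entry this CVE produces.

```python
# Added example (not OpenClaw code): approval text vs. what cmd.exe /c really runs,
# a hardened approval function, and an audit-log reconciliation check.
# All names and sample data below are hypothetical constructions for this page.
import re
from dataclasses import dataclass

# cmd.exe chains commands with &, &&, | and ||; a caret (^) escapes a separator.
# Redirections such as 2>&1 also match this pattern, which is the conservative choice.
CMD_SEPARATORS = re.compile(r"(?<!\^)[&|]{1,2}")


def _is_cmd_slash_c(argv):
    """True when argv has the shape ['cmd.exe' | 'cmd', '/c', ...]."""
    return (len(argv) >= 3
            and argv[0].lower() in ("cmd", "cmd.exe")
            and argv[1].lower() == "/c")


def executed_command_line(argv):
    """What the command processor really receives: everything after /c, joined.
    cmd.exe /c treats the remainder of the line as one command string, so extra
    argv entries simply become part of it, separators included."""
    if _is_cmd_slash_c(argv):
        return " ".join(argv[2:])
    return " ".join(argv)


def naive_approval_text(argv):
    """Vulnerable pattern: the approval prompt and the audit log show only the
    first token after /c. Trailing argv entries execute but are never displayed."""
    if _is_cmd_slash_c(argv):
        return argv[2]
    return " ".join(argv)


def hardened_approval_text(argv):
    """Fixed pattern: approver and audit log see the full command line that will
    reach cmd.exe, and chained commands after /c are refused outright."""
    full = executed_command_line(argv)
    if _is_cmd_slash_c(argv) and CMD_SEPARATORS.search(full):
        raise ValueError(f"refusing cmd.exe /c with chained commands: {full!r}")
    return full


@dataclass(frozen=True)
class ApprovalRecord:
    shown_to_approver: str   # what the operator approved and what the audit log says
    actually_executed: str   # what cmd.exe ran

    @property
    def consistent(self):
        return self.shown_to_approver == self.actually_executed


def audit(argv, approval_fn):
    """Build the approval record for one request; .consistent is the property
    this CVE breaks (approval text == executed command line)."""
    return ApprovalRecord(approval_fn(argv), executed_command_line(argv))


def reconcile(approval_log, process_log):
    """Cross-check approval-log entries against command lines recorded by endpoint
    process-creation logging (e.g. Sysmon event 1 or Security 4688), both given as
    (request_id, text) pairs normalised to the part after 'cmd.exe /c'.
    Returns the request ids whose executed command line differs from what was approved."""
    approved = {rid: text for rid, text in approval_log}
    return [rid for rid, cmdline in process_log if approved.get(rid) != cmdline]


# Constructed sample requests: a benign command, and the same command followed by
# smuggled trailing argv entries that cmd.exe will run as a second command.
BENIGN = ["cmd.exe", "/c", "whoami"]
SMUGGLED = ["cmd.exe", "/c", "whoami", "&", "echo", "smuggled"]

if __name__ == "__main__":
    print("naive   :", audit(SMUGGLED, naive_approval_text))
    print("benign  :", audit(BENIGN, naive_approval_text))
    try:
        hardened_approval_text(SMUGGLED)
    except ValueError as err:
        print("hardened:", err)
    # Constructed logs: the approval log holds the naive text, the process log the real command line.
    approvals = [(1, naive_approval_text(BENIGN)), (2, naive_approval_text(SMUGGLED))]
    processes = [(1, executed_command_line(BENIGN)), (2, executed_command_line(SMUGGLED))]
    print("mismatched request ids:", reconcile(approvals, processes))
```

The reconciliation step is the practical check for an already-deployed fleet: endpoint process-creation logging records the command line as launched, so any request whose approved text does not equal that command line is an entry the approval trail misrepresented. The hardened approver is deliberately strict about & and | after /c; a deployment that legitimately needs redirection would whitelist those forms explicitly rather than loosen the pattern.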

Responsible

VulnCheck

Reservation

01/06/2026

Disclosure

03/18/2026

Moderation

accepted

CPE

ready

EPSS

0.00079

KEV

no

Activities

very low

Sources
