CVE-2026-28363 – OpenClaw Safe Bin Validation Bypass Vulnerability

CVE ID : CVE-2026-28363

Published : Feb. 27, 2026, 4:16 a.m. | 55 minutes ago

Description : In OpenClaw before 2026.2.23, tools.exec.safeBins validation for sort could be bypassed via GNU long-option abbreviations (such as –compress-prog) in allowlist mode, leading to approval-free execution paths that were intended to require approval. Only an exact string such as –compress-program was denied.

Severity: 9.9 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…