
CVE

CVE-2026-22168

OpenClaw has Windows system.run approval mismatch on cmd.exe /c trailing arguments

Summary

A Windows system.run approval-integrity mismatch in the cmd.exe /c path could allow trailing arguments to execute while approval/audit text reflected only a benign command string.

This requires an authenticated operator context using the approvals flow and a trusted Windows node.

Affected Packages / Versions

  • Package: openclaw (npm)
  • Latest published vulnerable version (as of 2026-02-21): 2026.2.19-2
  • Vulnerable range: <=2026.2.19-2
  • Patched version (planned next release): 2026.2.21

Attack Scenario

  1. An authenticated operator approval is created for a benign command text (for example, echo).
  2. A system.run request uses cmd.exe /c with extra trailing arguments.
  3. Prior behavior could bind approval/audit text to the benign command while still executing the full argument tail on the node.

Impact

  • Local command execution on the trusted Windows node process account.
  • Approval/audit command text integrity mismatch.

Fix

  • Canonicalize the full command tail after cmd.exe /c.
  • Reuse one shared command canonicalization/validation path for validation, approval matching, and execution/audit text.
  • Add regression coverage for trailing-argument smuggling and approval binding.
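The following is an added example, not OpenClaw's code or the content of the fix commit. It models the approval-binding defect class described in the Attack Scenario and the invariant the Fix section calls for: the text used for approval matching, the text handed to cmd.exe, and the text written to the audit log must all come from one canonicalization of the full tail after /c. All function names (canonicalizeCommand, approvalTextBuggy, approvalTextFixed, buildExecution) and the sample request are assumptions constructed for illustration; nothing here spawns a process.

```javascript
// Added example, not OpenClaw's code: hypothetical helpers that show why the
// approval/audit text must be derived from the WHOLE tail after "cmd.exe /c".
// Nothing here executes anything; it only derives the strings that
// validation, approval matching and audit logging should share.

function stripQuotes(s) {
  return s.replace(/^"(.*)"$/, '$1');
}

// True for "cmd", "cmd.exe", or a path ending in \cmd.exe (case-insensitive).
function isCmdExe(token) {
  const t = stripQuotes(String(token).trim()).toLowerCase();
  return t === 'cmd' || t === 'cmd.exe' || t.endsWith('\\cmd.exe');
}

function normalizeSpace(s) {
  return s.replace(/\s+/g, ' ').trim();
}

// Single canonicalization path: for "cmd.exe /c ...", the canonical text is
// the entire tail after /c, so nothing past the first token is dropped.
function canonicalizeCommand(argv) {
  if (!Array.isArray(argv) || argv.length === 0) {
    throw new TypeError('argv must be a non-empty array');
  }
  const [exe, flag, ...tail] = argv.map(String);
  if (isCmdExe(exe) && flag !== undefined && flag.toLowerCase() === '/c') {
    return { shell: 'cmd.exe', text: normalizeSpace(tail.join(' ')) };
  }
  return { shell: null, text: normalizeSpace(argv.map(String).join(' ')) };
}

// Vulnerable pattern (the class the advisory describes): the approval/audit
// text is taken from the first token after /c only, while execution would
// still receive the full argument tail.
function approvalTextBuggy(argv) {
  const [exe, flag, first] = argv.map(String);
  if (isCmdExe(exe) && flag !== undefined && flag.toLowerCase() === '/c') {
    return first === undefined ? '' : first;
  }
  return normalizeSpace(argv.map(String).join(' '));
}

// Fixed pattern: the approval text IS the canonical full tail.
function approvalTextFixed(argv) {
  return canonicalizeCommand(argv).text;
}

// Exact-match check against the text stored on an approval record.
function isApproved(argv, approvedText, textFn) {
  return textFn(argv) === approvedText;
}

// What an executor would run and what it would log, both taken from the same
// canonical text so the audit line cannot diverge from the executed tail.
function buildExecution(argv) {
  const canon = canonicalizeCommand(argv);
  if (canon.shell === 'cmd.exe') {
    return { exe: 'cmd.exe', args: ['/c', canon.text], audit: canon.text };
  }
  return { exe: String(argv[0]), args: argv.slice(1).map(String), audit: canon.text };
}

// Constructed request: an approval was recorded for the benign text "echo",
// but the request carries a trailing argument tail after it.
const APPROVED_TEXT = 'echo';
const REQUEST = ['cmd.exe', '/c', 'echo', 'ok', '&', 'hostname'];

function demo() {
  const exec = buildExecution(REQUEST);
  return {
    // true: the buggy binding accepts the request against the "echo" approval
    buggyApproved: isApproved(REQUEST, APPROVED_TEXT, approvalTextBuggy),
    // false: the canonical tail "echo ok & hostname" does not match "echo"
    fixedApproved: isApproved(REQUEST, APPROVED_TEXT, approvalTextFixed),
    // true: audit text and executed tail are the same string
    auditMatchesExecution: exec.audit === exec.args[1],
    auditText: exec.audit,
  };
}

console.log(demo());
```

The regression check the Fix section mentions reduces to two assertions on this shape: an approval recorded for a shorter text must not match a request whose canonical tail is longer, and the string written to the audit log must be identical to the string passed after /c. The real project's canonicalization rules (quoting, path forms, additional cmd.exe switches) are not on this page and are not reproduced here.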

Fix Commit(s)

  • 6007941f04df1edcca679dd6c95949744fdbd4df

Release Process Note

patched_versions is pre-set to the planned next release (2026.2.21). Once that npm release is live, this advisory can be published directly.

OpenClaw thanks @tdjackey for reporting.


CVSS

  • CVSS Version: 4.0
  • Base Score: 7.1
  • Score Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X


References

  • https://github.com/openclaw/openclaw/security/advisories/GHSA-5v6x-rfc3-7qfr
  • https://nvd.nist.gov/vuln/detail/CVE-2026-22168
  • https://github.com/openclaw/openclaw/commit/6007941f04df1edcca679dd6c95949744fdbd4df
  • https://github.com/openclaw/openclaw
  • https://www.vulncheck.com/advisories/openclaw-command-injection-via-cmd-exe-c-trailing-arguments-in-system-run

Severity

  • Base CVSS: 8.8

Basic Information

  • Ecosystem: npm
  • Base CVSS: 8.8
  • EPSS Probability: 0.00068%
  • EPSS Percentile: 0.20755%
  • Introduced Version: 0
  • Fix Available: 2026.2.21
