GHSA-qj77-c3c8-9c3q: OpenClaw's Windows cmd.exe parsing may bypass exec allowlist/approval gating
On Windows nodes, exec requests were executed via cmd.exe /d /s /c <rawCommand>. In allowlist/approval-gated mode, the allowlist analysis did not model cmd.exe's parsing and metacharacter behavior, so a crafted command string could cause cmd.exe to interpret additional operations (for example command chaining via &, or variable expansion via %...% or !...!) beyond what was allowlisted or approved.
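As an added example (not OpenClaw's code), the following TypeScript gate shows the mitigation a defender wants here: instead of trying to model cmd.exe's quoting and operator rules, it refuses any raw command containing a character cmd.exe could interpret as an operator or expansion, and only then compares the leading program token against the allowlist. The function name gateCmdCommand, the metacharacter set and the allowlist contents are assumptions.

```typescript
// Added example (not OpenClaw's code): a conservative pre-exec gate for a raw
// command that would otherwise be handed to `cmd.exe /d /s /c <rawCommand>`.
// The advisory's root cause is that the allowlist check did not model cmd.exe
// parsing, so this gate rejects anything cmd.exe might parse as more than one
// plain command before it ever looks at the program name.

// Characters cmd.exe treats specially (constructed, deliberately conservative
// set): chaining and redirection, grouping, the ^ escape, %VAR% and !VAR!
// expansion, and line breaks. Quoting is not modelled, so none are exempted.
const CMD_METACHARS: ReadonlySet<string> = new Set([
  "&", "|", "<", ">", "^", "%", "!", "(", ")", "\r", "\n", "\0",
]);

interface GateResult {
  allowed: boolean;
  program?: string;
  reason: string;
}

// Leading program token, honouring a double-quoted name such as
// "C:\Program Files\Git\bin\git.exe" status.
function leadingToken(raw: string): string {
  const s = raw.trimStart();
  if (s.startsWith('"')) {
    const end = s.indexOf('"', 1);
    return end === -1 ? s.slice(1) : s.slice(1, end);
  }
  return s.split(/[ \t]/, 1)[0];
}

function gateCmdCommand(raw: string, allowlist: Iterable<string>): GateResult {
  // 1. Refuse anything cmd.exe could interpret beyond a single command.
  for (const ch of raw) {
    if (CMD_METACHARS.has(ch)) {
      return { allowed: false, reason: `cmd.exe metacharacter ${JSON.stringify(ch)} in command` };
    }
  }
  // 2. Only now is the leading token meaningful; compare it case-insensitively
  //    (Windows file names are case-insensitive) against the allowlist.
  const program = leadingToken(raw);
  if (program.length === 0) {
    return { allowed: false, reason: "empty command" };
  }
  const allowed = new Set(Array.from(allowlist, (p) => p.toLowerCase()));
  if (!allowed.has(program.toLowerCase())) {
    return { allowed: false, program, reason: `program ${program} not in allowlist` };
  }
  return { allowed: true, program, reason: "ok" };
}
```

A command that fails the gate should be surfaced to the approval flow as rejected rather than silently dropped, so the operator sees which metacharacter triggered it.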