CVE-2026-28456 Overview
CVE-2026-28456 is a code execution vulnerability affecting OpenClaw Gateway versions 2026.1.5 prior to 2026.2.14. The vulnerability exists in the Gateway component, which fails to sufficiently constrain configured hook module paths before passing them to Node.js dynamic import(). This allows an attacker with gateway configuration modification access to load and execute unintended local modules within the Node.js process, potentially leading to full system compromise.
Critical Impact
An attacker with configuration modification privileges can execute arbitrary code by manipulating hook module paths, enabling them to load malicious local modules and gain control of the Node.js runtime environment.
Affected Products
- OpenClaw Gateway versions 2026.1.5 through 2026.2.13
- OpenClaw versions prior to 2026.2.14
- Node.js environments running vulnerable OpenClaw Gateway instances
Discovery Timeline
- 2026-03-05 - CVE-2026-28456 published to NVD
- 2026-03-05 - Last updated in NVD database
Technical Details for CVE-2026-28456
Vulnerability Analysis
This vulnerability is classified under CWE-427 (Uncontrolled Search Path Element), which occurs when an application does not properly control the path used to locate resources such as dynamically loaded modules. In the case of OpenClaw Gateway, the InternalHookHandlerConfig type originally accepted both absolute and relative module paths without proper validation or sanitization.
The core issue stems from how hook module paths were processed before being passed to Node.js dynamic import(). The original implementation allowed arbitrary path specifications including absolute paths, paths with tilde expansion (~), URL-ish forms, drive-relative forms, and path traversal sequences (..). This lack of constraint enables an attacker with configuration modification access to specify a malicious module path that escapes the intended workspace directory.
The attack requires elevated privileges (configuration modification access), but once exploited, it provides complete control over the Node.js process with high impact on confidentiality, integrity, and availability.
Root Cause
The root cause lies in insufficient input validation of the module field within the InternalHookHandlerConfig type. The original implementation documentation indicated the path could be "absolute or relative to cwd," which inherently introduced security risks by allowing path specifications outside the intended workspace boundaries.
The vulnerable code path accepted any string value for the module path and directly passed it to dynamic import() without first verifying that:
- The path is strictly relative
- The path does not contain traversal sequences
- The path does not use special prefixes like ~ or URL schemes
Attack Vector
The attack vector is network-based and requires the attacker to have gateway configuration modification access. The exploitation flow involves:
- Attacker gains access to modify OpenClaw Gateway configuration
- Attacker specifies a malicious hook module path using path traversal sequences (e.g., ../../malicious-module) or absolute paths
- Gateway loads the specified module via dynamic import() without path validation
- Malicious code executes within the Node.js process context
The following code shows the security patch that addresses this vulnerability by implementing strict path validation:
+import path from "node:path";
import { z } from "zod";
import { sensitive } from "./zod-schema.sensitive.js";
+function isSafeRelativeModulePath(raw: string): boolean {
+ const value = raw.trim();
+ if (!value) {
+ return false;
+ }
+ // Hook modules are loaded via file-path resolution + dynamic import().
+ // Keep this strictly relative to a configured base dir to avoid path traversal and surprises.
+ if (path.isAbsolute(value)) {
+ return false;
+ }
+ if (value.startsWith("~")) {
+ return false;
+ }
+ // Disallow URL-ish and drive-relative forms (e.g. "file:...", "C:foo").
+ if (value.includes(":")) {
+ return false;
+ }
+ const parts = value.split(/[\\/]+/g);
+ if (parts.some((part) => part === "..")) {
+ return false;
+ }
+ return true;
+}
+
+const SafeRelativeModulePathSchema = z
+ .string()
Source: GitHub OpenClaw Commit
The patch introduces a isSafeRelativeModulePath() function that validates module paths are strictly relative to the workspace, rejecting absolute paths, tilde-prefixed paths, URL-ish forms, and any path containing traversal sequences.
Detection Methods for CVE-2026-28456
Indicators of Compromise
- Unusual module paths in OpenClaw Gateway configuration files containing .., absolute paths, or tilde (~) prefixes
- Unexpected Node.js process activity or child process spawning from OpenClaw Gateway
- Configuration changes to hook module paths that reference directories outside the workspace
- Log entries showing attempts to load modules from non-standard locations
Detection Strategies
- Implement file integrity monitoring on OpenClaw Gateway configuration files to detect unauthorized modifications
- Monitor Node.js process execution patterns for anomalous module loading behavior
- Review gateway configuration audit logs for changes to hook module path settings
- Deploy runtime application self-protection (RASP) to detect and block suspicious dynamic imports
Monitoring Recommendations
- Enable verbose logging for OpenClaw Gateway module loading operations
- Configure alerts for configuration file changes in production environments
- Implement baseline monitoring of loaded modules and flag deviations
- Correlate gateway configuration changes with user authentication events to identify unauthorized access
How to Mitigate CVE-2026-28456
Immediate Actions Required
- Upgrade OpenClaw to version 2026.2.14 or later immediately
- Audit all existing hook module path configurations for suspicious entries containing path traversal sequences or absolute paths
- Review access controls for users with gateway configuration modification privileges
- Implement the principle of least privilege for configuration management access
Patch Information
The vulnerability has been addressed in OpenClaw version 2026.2.14. The security fix implements strict validation of hook module paths through the isSafeRelativeModulePath() function, ensuring only workspace-relative paths without traversal sequences are accepted. Two commits address this vulnerability:
- Primary security patch - Implements path validation logic
- Additional hardening - Further security improvements
For detailed information, refer to the GitHub Security Advisory GHSA-v6c6-vqqg-w888.
Workarounds
- Restrict access to gateway configuration modification to only essential personnel until patching is complete
- Implement network segmentation to limit exposure of OpenClaw Gateway configuration interfaces
- Deploy application-level firewalls or WAF rules to monitor and block suspicious configuration changes
- Consider running OpenClaw Gateway in a containerized environment with restricted file system access to limit the impact of potential exploitation
# Configuration example - Restrict configuration file permissions
chmod 600 /path/to/openclaw/config/*.yaml
chown openclaw:openclaw /path/to/openclaw/config/*.yaml
# Enable audit logging for configuration changes
auditctl -w /path/to/openclaw/config/ -p wa -k openclaw_config_changes
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
