CVE-2026-28484 Overview
CVE-2026-28484 is a command injection vulnerability affecting OpenClaw versions prior to 2026.2.15. The vulnerability exists in the git-hooks/pre-commit hook, which fails to properly sanitize filenames when processing staged files. Attackers can exploit this flaw by creating maliciously-named files beginning with dashes, enabling them to inject git flags and potentially add sensitive ignored files like .env to git history.
Critical Impact
This vulnerability allows attackers to bypass gitignore rules and inject arbitrary git command flags through crafted filenames, potentially exposing sensitive credentials and configuration files committed to version control.
Affected Products
- OpenClaw versions prior to 2026.2.15
Discovery Timeline
- 2026-03-05 - CVE-2026-28484 published to NVD
- 2026-03-05 - Last updated in NVD database
Technical Details for CVE-2026-28484
Vulnerability Analysis
This command injection vulnerability (CWE-77) occurs due to improper input validation in the pre-commit hook script. The vulnerable code pipes filenames through xargs to git add without using the standard -- separator that distinguishes options from positional arguments. This design flaw allows an attacker with the ability to create files in the repository to craft filenames that begin with dash characters, which are then interpreted as git command-line flags rather than file paths.
The impact of successful exploitation is significant. An attacker can force the staging of files that would normally be excluded by .gitignore rules, such as .env files containing API keys, database credentials, or other sensitive configuration data. Once these files are committed and pushed, the credentials become exposed in the repository history.
Root Cause
The root cause is the missing -- argument separator in the shell pipeline that processes filenames. In Unix/Linux command-line conventions, the -- separator signals the end of command options, ensuring that subsequent arguments are treated as literal values even if they begin with dashes. Without this separator, a filename like -f or --force is misinterpreted as a command flag, enabling option injection attacks.
Attack Vector
The attack vector is network-based, requiring the attacker to introduce a maliciously-named file into a repository that uses the vulnerable OpenClaw pre-commit hook. This could occur through:
- A malicious contributor submitting files with crafted names
- Compromised dependencies or build artifacts with injected filenames
- User-controlled input that influences file creation
When the pre-commit hook executes, the crafted filename is passed through xargs without proper sanitization, injecting attacker-controlled flags into the git add command. This can force ignored files to be staged, bypassing repository security configurations.
The vulnerability mechanism involves the unsafe piping of filenames through xargs to git add without the -- separator. When a file is created with a name starting with a dash (such as -A), the pre-commit hook interprets this as a git flag rather than a filename, allowing attackers to add all files including those in .gitignore. For complete technical details, see the GitHub Security Advisory.
Detection Methods for CVE-2026-28484
Indicators of Compromise
- Presence of files with names beginning with dashes (e.g., -A, -f, --force) in repository directories
- Unexpected sensitive files (.env, .secrets, credential files) appearing in git staging area or commit history
- Anomalous git commit patterns showing previously-ignored files being staged
Detection Strategies
- Audit repository history for commits containing files that should be in .gitignore
- Implement file system monitoring to detect creation of dash-prefixed filenames
- Review pre-commit hook execution logs for unusual git add behavior
- Scan repositories for exposed credentials that may have been inadvertently committed
Monitoring Recommendations
- Enable git audit logging to track all staging and commit operations
- Implement secret scanning tools to detect accidentally committed credentials
- Monitor for files with suspicious naming patterns in pull requests and commits
- Set up alerts for modifications to .gitignore or pre-commit hook files
How to Mitigate CVE-2026-28484
Immediate Actions Required
- Upgrade OpenClaw to version 2026.2.15 or later immediately
- Audit existing repositories for any exposed sensitive files in git history
- Review recent commits for signs of exploitation
- Rotate any credentials that may have been inadvertently committed
Patch Information
OpenClaw has released security patches to address this vulnerability. The fix implements proper argument separation using -- in the pre-commit hook to prevent option injection. The patches are available at:
Additional information is available in the GitHub Security Advisory and the VulnCheck Advisory.
Workarounds
- Manually modify the pre-commit hook to add -- before filename arguments in xargs/git add pipelines
- Implement file naming policies that reject files beginning with dash characters
- Use repository scanning tools to block commits containing suspicious filenames
- Temporarily disable the vulnerable pre-commit hook until patches can be applied
# Configuration example
# Manually fix the pre-commit hook by adding -- separator
# Before (vulnerable):
# git diff --cached --name-only | xargs git add
# After (fixed):
git diff --cached --name-only | xargs git add --
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
