A vulnerability was found in OpenClaw up to 2026.2.21 . It has been classified as critical . This impacts an unknown function of the component Double Quote Handler . Performing a manipulation results in os command injection. This vulnerability is reported as CVE-2026-28460 . The attack is possible to be carried out remotely. No exploit exists. Upgrading the affected component is recommended.