5 matches found
CVE-2026-4040
A vulnerability was identified in OpenClaw up to 2026.2.17. This issue affects the function tools.exec.safeBins of the component File Existence Handler. The manipulation leads to information exposure through discrepancy. The attack needs to be performed locally. Upgrading to version...
CVE-2026-4040
A vulnerability was identified in OpenClaw up to 2026.2.17. This issue affects the function tools.exec.safeBins of the component File Existence Handler. The manipulation leads to information exposure through discrepancy. The attack needs to be performed locally. Upgrading to version...
CVE-2026-4040
OpenClaw (up to 2026.2.17) contains a local-information-exposure vulnerability in the File Existence Handler, specifically in tools.exec.safeBins. Attack requires local access and can disclose partial information. A fix is available in 2026.2.19-beta.1 (patch id bafdbb6f112409a65decd3d4e7350fbd63...
OpenClaw exec allowlist safeBins short-option bypass could permit arbitrary file write
Summary OpenClaw exec allowlist/safeBins policy could be bypassed with attached short-option payloads for example sort -o/tmp/poc, enabling file-write operations while still satisfying safeBins checks. Affected Packages / Versions - Package: openclaw npm - Affected versions: = 2026.2.17 - Latest...
GHSA-7FCC-CW49-XM78 OpenClaw has command injection via Windows shell fallback in Lobster tool execution
Summary The Lobster extension tool execution path used a Windows shell fallback shell: true after spawn failures EINVAL/ENOENT. In that fallback path, shell metacharacters in command arguments can be interpreted by the shell, enabling command injection. Affected Packages / Versions - Package:...