Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
7.7
OpenClaw allows trojans to masquerade as safe binaries
GHSA-g75x-8qqm-2vxp
Summary
A security issue in OpenClaw allows malicious software to disguise itself as a trusted program, potentially allowing unauthorized access to your system. This issue affects OpenClaw versions 2026.1.21 to 2026.2.18. To fix this, update to version 2026.2.19. If you can't update immediately, ensure that only trusted paths are used to run executables.
What to do
- Update openclaw to version 2026.2.19.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| – | openclaw | > 2026.1.21 , <= 2026.2.19 | 2026.2.19 |
Original title
OpenClaw's `tools.exec.safeBins` PATH-hijack allowed trojan binaries to bypass allowlist checks
Original description
## Summary
`tools.exec.safeBins` allowlist checks could be bypassed by PATH-hijacked binaries, allowing execution of attacker-controlled trojan binaries under an allowlisted executable name.
## Affected Packages / Versions
- Package: `openclaw` (npm)
- Latest published version at triage time: `2026.2.17`
- Affected range: `>= 2026.1.21 < 2026.2.18`
- Patched version: `2026.2.19`
## Impact
In allowlist mode, `safeBins` validation previously accepted a resolved executable path based on executable name and argument shape, without enforcing trusted executable directories. If an attacker could influence process PATH resolution before gateway startup (or otherwise control the gateway launch environment), a trojan binary with an allowlisted name (for example `jq`) could be executed.
## Severity Rationale
This issue is rated `medium` because exploitation requires an additional precondition: influencing the gateway process PATH / launch environment. Request-scoped PATH injection is blocked for host execution.
## Fix
`safeBins` now requires the resolved executable path to come from trusted bin directories (system defaults plus gateway startup PATH), closing the bypass.
## Fix Commit(s)
- 28bac46c92069dc728524fbf383024c1b64e5c23
OpenClaw thanks @jackhax for reporting.
`tools.exec.safeBins` allowlist checks could be bypassed by PATH-hijacked binaries, allowing execution of attacker-controlled trojan binaries under an allowlisted executable name.
## Affected Packages / Versions
- Package: `openclaw` (npm)
- Latest published version at triage time: `2026.2.17`
- Affected range: `>= 2026.1.21 < 2026.2.18`
- Patched version: `2026.2.19`
## Impact
In allowlist mode, `safeBins` validation previously accepted a resolved executable path based on executable name and argument shape, without enforcing trusted executable directories. If an attacker could influence process PATH resolution before gateway startup (or otherwise control the gateway launch environment), a trojan binary with an allowlisted name (for example `jq`) could be executed.
## Severity Rationale
This issue is rated `medium` because exploitation requires an additional precondition: influencing the gateway process PATH / launch environment. Request-scoped PATH injection is blocked for host execution.
## Fix
`safeBins` now requires the resolved executable path to come from trusted bin directories (system defaults plus gateway startup PATH), closing the bypass.
## Fix Commit(s)
- 28bac46c92069dc728524fbf383024c1b64e5c23
OpenClaw thanks @jackhax for reporting.
ghsa CVSS4.0
7.7
Vulnerability type
CWE-426
CWE-863
Incorrect Authorization
Published: 3 Mar 2026 · Updated: 7 Mar 2026 · First seen: 6 Mar 2026