Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
4.8
OpenClaw Tools Allow Local Access to Sensitive Information
GHSA-xjj9-2w6f-jg55
Summary
A security issue in OpenClaw versions up to 2026.2.17 can allow an attacker with local access to see sensitive information they shouldn't have. This means that if you use an affected version, you should update to the latest version, 2026.2.19-beta.1, to fix the issue.
What to do
- Update openclaw to version 2026.2.19.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| – | openclaw | <= 2026.2.19 | 2026.2.19 |
Original title
Duplicate Advisory: OpenClaw safeBins file-existence oracle information disclosure
Original description
### Duplicate Advisory
This advisory has been withdrawn because it is a duplicate of [OTHER GHSA-ID]. This link is maintained to preserve external references.
### Original Description
A vulnerability was identified in OpenClaw up to 2026.2.17. This issue affects the function tools.exec.safeBins of the component File Existence Handler. The manipulation leads to information exposure through discrepancy. The attack needs to be performed locally. Upgrading to version 2026.2.19-beta.1 is capable of addressing this issue. The identifier of the patch is bafdbb6f112409a65decd3d4e7350fbd637c7754. Upgrading the affected component is advised.
This advisory has been withdrawn because it is a duplicate of [OTHER GHSA-ID]. This link is maintained to preserve external references.
### Original Description
A vulnerability was identified in OpenClaw up to 2026.2.17. This issue affects the function tools.exec.safeBins of the component File Existence Handler. The manipulation leads to information exposure through discrepancy. The attack needs to be performed locally. Upgrading to version 2026.2.19-beta.1 is capable of addressing this issue. The identifier of the patch is bafdbb6f112409a65decd3d4e7350fbd637c7754. Upgrading the affected component is advised.
ghsa CVSS3.1
3.3
ghsa CVSS4.0
4.8
Vulnerability type
CWE-200
Information Exposure
- https://github.com/openclaw/openclaw/security/advisories/GHSA-6c9j-x93c-rw6j
- https://nvd.nist.gov/vuln/detail/CVE-2026-4040
- https://github.com/openclaw/openclaw/commit/bafdbb6f112409a65decd3d4e7350fbd637c...
- https://github.com/openclaw/openclaw
- https://github.com/openclaw/openclaw/releases/tag/v2026.2.19-beta.1
- https://vuldb.com/?ctiid.350652
- https://vuldb.com/?id.350652
- https://vuldb.com/?submit.769581
- https://github.com/advisories/GHSA-xjj9-2w6f-jg55
Published: 12 Mar 2026 · Updated: 13 Mar 2026 · First seen: 12 Mar 2026