4.8
OpenClaw: Local Access Can Expose Sensitive Information
CVE-2026-4040
Summary
A flaw in the tools.exec.safeBins function of OpenClaw's File Existence Handler can expose sensitive information through a discrepancy to an attacker with local access. This affects versions up to 2026.2.17. To fix this, upgrade to version 2026.2.19-beta.1 or update the File Existence Handler component.
Original title
A vulnerability was identified in OpenClaw up to 2026.2.17. This issue affects the function tools.exec.safeBins of the component File Existence Handler. The manipulation leads to information exposu...
Original description
A vulnerability was identified in OpenClaw up to 2026.2.17. This issue affects the function tools.exec.safeBins of the component File Existence Handler. The manipulation leads to information exposure through discrepancy. The attack needs to be performed locally. Upgrading to version 2026.2.19-beta.1 is capable of addressing this issue. The identifier of the patch is bafdbb6f112409a65decd3d4e7350fbd637c7754. Upgrading the affected component is advised.
CVSS scores
- nvd CVSS2.0: 1.7
- nvd CVSS3.1: 3.3
- nvd CVSS4.0: 4.8
Vulnerability type
- CWE-200: Information Exposure
- CWE-203
References
- https://github.com/openclaw/openclaw/
- https://github.com/openclaw/openclaw/commit/bafdbb6f112409a65decd3d4e7350fbd637c...
- https://github.com/openclaw/openclaw/releases/tag/v2026.2.19-beta.1
- https://github.com/openclaw/openclaw/security/advisories/GHSA-6c9j-x93c-rw6j
- https://vuldb.com/?ctiid.350652
- https://vuldb.com/?id.350652
- https://vuldb.com/?submit.769581
Published: 12 Mar 2026 · Updated: 13 Mar 2026 · First seen: 12 Mar 2026