Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
4.8
OpenClaw File Existence Handler information exposed locally if not updated
GHSA-6c9j-x93c-rw6j
Summary
A security issue in OpenClaw versions up to 2026.2.17 allows an attacker with local access to view sensitive information. To fix this, update to OpenClaw version 2026.2.19-beta.1 or patch the File Existence Handler component. This will prevent the exposure of sensitive data.
What to do
- Update steipete openclaw to version 2026.2.19.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| steipete | openclaw | <= 2026.2.17 | 2026.2.19 |
Original title
A vulnerability was identified in OpenClaw up to 2026.2.17. This issue affects the function tools.exec.safeBins of the component File Existence Handler. The manipulation leads to information exposu...
Original description
A vulnerability was identified in OpenClaw up to 2026.2.17. This issue affects the function tools.exec.safeBins of the component File Existence Handler. The manipulation leads to information exposure through discrepancy. The attack needs to be performed locally. Upgrading to version 2026.2.19-beta.1 is capable of addressing this issue. The identifier of the patch is bafdbb6f112409a65decd3d4e7350fbd637c7754. Upgrading the affected component is advised.
ghsa CVSS3.1
4.3
Vulnerability type
CWE-203
CWE-200
Information Exposure
- https://github.com/openclaw/openclaw/security/advisories/GHSA-6c9j-x93c-rw6j
- https://github.com/openclaw/openclaw/commit/bafdbb6f112409a65decd3d4e7350fbd637c...
- https://github.com/advisories/GHSA-6c9j-x93c-rw6j
- https://github.com/openclaw/openclaw/
- https://github.com/openclaw/openclaw/releases/tag/v2026.2.19-beta.1
- https://vuldb.com/?ctiid.350652
- https://vuldb.com/?id.350652
- https://vuldb.com/?submit.769581
- https://nvd.nist.gov/vuln/detail/CVE-2026-4040
Published: 19 Feb 2026 · Updated: 13 Mar 2026 · First seen: 6 Mar 2026