CVSS 4.0 (GHSA): 7.3
OpenClaw: Manually Adding Sort to Safe Bins Can Bypass Approval
GHSA-4gc7-qcvf-38wg
Summary
OpenClaw's `tools.exec.safeBins` list names binaries that may run without an operator approval prompt. In versions up to and including 2026.2.21-2, if an operator manually added `sort` to that list (it is not included by default), the safe-bin profile for `sort` accepted `--compress-program` as an ordinary value flag. Under `security=allowlist` with `ask=on-miss`, a command such as `sort --compress-program=<prog>` therefore counted as an allowlist hit and skipped the approval prompt, even though GNU `sort` runs the named program to compress its temporary files (it is launched once the input is large enough, or the buffer small enough, for `sort` to spill to disk). The fix in 2026.2.22 blocks `--compress-program` in the safe-bin policy for `sort`. Deployments that added `sort` to `safeBins` should update; default installations are not reachable through this path.
What to do
- Update openclaw to version 2026.2.22 or later.
- Until you can update, remove `sort` from `tools.exec.safeBins` (it is not there by default) so that `sort` invocations go through the normal approval prompt.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| – | openclaw | <= 2026.2.21-2 | 2026.2.22 |
Original title
In OpenClaw, manually adding sort to tools.exec.safeBins could bypass allowlist approval via --compress-program
Original description
### Summary
This issue applies to a **non-default configuration** only.
If `sort` is manually added to `tools.exec.safeBins`, OpenClaw could treat `sort --compress-program=<prog>` as valid safe-bin usage.
In `security=allowlist` + `ask=on-miss`, this could satisfy allowlist checks and skip operator approval, while GNU `sort` may invoke an external program via `--compress-program`.
### Affected Packages / Versions
- Ecosystem: npm
- Package: `openclaw`
- Affected: `<= 2026.2.21-2`
- Patched (planned next release): `>= 2026.2.22`
### Default Installations
Default installs are not impacted by this specific path because `sort` is not included in default `tools.exec.safeBins`.
### Impact
- Type: approval/allowlist bypass in optional safe-bin configuration
- Scope: deployments that explicitly include `sort` in `tools.exec.safeBins` and use `allowlist + ask=on-miss`
- Consequence: an external program may run under the OpenClaw process context without expected approval
### Technical Details
- `sort` safe-bin profile allowed `--compress-program` as a value flag.
- Safe-bin satisfaction could therefore mark allowlist checks as satisfied.
- In `ask=on-miss`, satisfied allowlist checks skip approval prompts.
### Fix
- Block `--compress-program` in safe-bin sort policy.
- Add unit and e2e regression coverage for `sort --compress-program` denial in safe-bin mode.
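The following is an added example, not OpenClaw's code and not the shape of its actual `tools.exec` implementation: a small JavaScript model of a safe-bin argv policy of the kind the Technical Details and Fix sections describe. It shows why accepting `--compress-program` as a value flag lets `sort` satisfy the allowlist and skip the `ask=on-miss` prompt, and how denying the flag sends the same command back to operator approval. The profile structure, function names, the flag lists, the rule that a miss prompts under `ask=on-miss`, and the `/tmp/evil` path are all assumptions made for illustration.

```javascript
// Added example, not OpenClaw's code: a minimal model of a safe-bin argv
// policy of the kind the advisory describes. The profile shape, function
// names, flag lists and the miss-handling rule are assumptions for
// illustration; the /tmp/evil path is a constructed placeholder.

// A safe-bin profile lists what a binary may be invoked with and still
// skip operator approval. Value flags accept `--flag=value` or `--flag value`.
const sortProfileVulnerable = {
  bin: "sort",
  booleanFlags: new Set(["-n", "--numeric-sort", "-r", "--reverse", "-u", "--unique",
                         "-s", "--stable", "-f", "--ignore-case"]),
  // The defect: --compress-program is treated like any other value flag,
  // although GNU sort executes its value as an external program.
  valueFlags: new Set(["-k", "--key", "-t", "--field-separator", "-S", "--buffer-size",
                       "--compress-program"]),
  deniedFlags: new Set(),
};

// Fixed profile: the flag is removed from valueFlags and denied outright.
const sortProfileFixed = {
  ...sortProfileVulnerable,
  valueFlags: new Set([...sortProfileVulnerable.valueFlags].filter((f) => f !== "--compress-program")),
  deniedFlags: new Set(["--compress-program"]),
};

// Does argv conform to the profile? Unknown flags, short-option clusters
// (-nr) and attached short values (-k2) are rejected, erring toward a prompt.
function safeBinSatisfied(argv, profile) {
  if (argv.length === 0 || argv[0] !== profile.bin) {
    return { ok: false, reason: "not the profiled binary" };
  }
  for (let i = 1; i < argv.length; i++) {
    const tok = argv[i];
    if (tok === "--") break;                             // rest are operands
    if (!tok.startsWith("-") || tok === "-") continue;   // file operand or stdin
    const eq = tok.startsWith("--") ? tok.indexOf("=") : -1;
    const flag = eq === -1 ? tok : tok.slice(0, eq);
    const inlineValue = eq === -1 ? null : tok.slice(eq + 1);
    if (profile.deniedFlags.has(flag)) return { ok: false, reason: `denied flag ${flag}` };
    if (profile.booleanFlags.has(flag)) {
      if (inlineValue !== null) return { ok: false, reason: `unexpected value for ${flag}` };
      continue;
    }
    if (profile.valueFlags.has(flag)) {
      if (inlineValue === null && ++i >= argv.length) {
        return { ok: false, reason: `missing value for ${flag}` };
      }
      continue;                                          // value consumed
    }
    return { ok: false, reason: `unknown flag ${flag}` };
  }
  return { ok: true, reason: "safe-bin profile satisfied" };
}

// Approval decision under security=allowlist: "allow", "ask" or "deny".
// Assumed rule: an allowlist miss prompts the operator when ask=on-miss
// and is denied otherwise; a satisfied safe-bin profile counts as a hit.
function decide(argv, config) {
  const bin = argv[0];
  if (config.allowlist.includes(bin)) return "allow";
  const profile = config.safeBins.includes(bin) ? config.profiles[bin] : undefined;
  if (profile && safeBinSatisfied(argv, profile).ok) return "allow";  // no prompt
  return config.ask === "on-miss" ? "ask" : "deny";
}

function makeConfig(sortProfile) {
  return {
    security: "allowlist",
    ask: "on-miss",
    allowlist: ["ls", "cat"],
    safeBins: ["sort"],                 // the non-default addition
    profiles: { sort: sortProfile },
  };
}

const vulnerableConfig = makeConfig(sortProfileVulnerable);
const fixedConfig = makeConfig(sortProfileFixed);

// Constructed command: once sort spills to temporary files, GNU sort would
// run /tmp/evil to compress them (and `/tmp/evil -d` to decompress).
const bypassArgv = ["sort", "--compress-program=/tmp/evil", "big.txt"];

console.log("vulnerable profile:", decide(bypassArgv, vulnerableConfig)); // allow
console.log("fixed profile:     ", decide(bypassArgv, fixedConfig));      // ask
```

Run it with `node` to see the two decisions side by side. Two design points carry over to real policies: a denied flag must be matched on the flag name before any `=`, so that both `--compress-program=PROG` and `--compress-program PROG` are caught, and the value a flag consumes is never inspected in this model, so any flag whose value names a program, a path to write, or a shell to run belongs in the denied set rather than in the value-flag set.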
### Fix Commit(s)
- `57fbbaebca4d34d17549accf6092ae26eb7b605c`
OpenClaw thanks @tdjackey for reporting.
Vulnerability type
- CWE-78: OS Command Injection
- CWE-184: Incomplete List of Disallowed Inputs
Published: 3 Mar 2026 · Updated: 7 Mar 2026 · First seen: 6 Mar 2026