OpenClaw Allows Unintended File Access Through Safe-Bin Paths
GHSA-4685-c5cp-vp95
Summary
In OpenClaw versions 2026.2.17 and earlier, an attacker can bypass the safe-bin controls to read or write files on the host. This affects deployments that enable OpenClaw's safe-bin feature (`tools.exec.safeBins`). To resolve this issue, update to version 2026.2.18 or later.
What to do
- Update `openclaw` (vendor: steipete) to version 2026.2.19.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| steipete | openclaw | <= 2026.2.17 | 2026.2.19 |
Original title
OpenClaw safeBins stdin-only bypass via sort output and recursive grep flags
Original description
## Summary
`tools.exec.safeBins` could be bypassed for filesystem access when `sort` output flags (`-o` / `--output`) or recursive `grep` flags were allowed through safe-bin execution paths.
## Affected Packages / Versions
- Package: `openclaw` (npm)
- Affected versions: `<= 2026.2.17`
- Patched versions: `>= 2026.2.18`
- Latest published version at triage time: `2026.2.17`
## Impact
In deployments that enabled `tools.exec.safeBins`, an attacker with access to command execution flows could turn intended stdin-only safe-bin usage into file writes (`sort -o`) or recursive file reads (`grep -R`).
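The weakness described above is a flag-level gap in an allowlisted binary: a safe bin was meant to read stdin only, but `sort -o`/`--output` and recursive `grep` flags turn it into a file writer or a directory reader. The example below is added here and is not OpenClaw's code; it illustrates the defensive pattern of validating the argument vector against a per-binary allowlist of known-harmless flags (failing closed on anything else, including bare file operands), contrasted with a naive denylist of the kind CWE-184 describes. The policy tables, the `allowlistVerdict`/`denylistVerdict` helpers and the flag sets are assumptions made for this illustration, not the project's configuration format.

```typescript
// Added illustrative example, not OpenClaw's code: a per-binary argument allowlist that
// keeps "safe bins" such as sort and grep stdin-only. The policy tables, helper names and
// the naive denylist shown for contrast are assumptions made for this example.

type Verdict = { allowed: true } | { allowed: false; reason: string };

interface BinPolicy {
  booleanFlags: Set<string>;      // short letters / long names that take no argument
  valueFlags: Set<string>;        // flags that take one argument that is never a path
  patternFlags: Set<string>;      // value flags that replace the positional pattern (grep -e)
  maxPositionals: number;         // bare operands allowed before they would name a file
}

const STDIN_ONLY_POLICIES: Record<string, BinPolicy> = {
  sort: {
    // sort's -o/--output and -T are deliberately absent and therefore rejected.
    booleanFlags: new Set<string>(["u", "r", "n", "f", "b", "s", "z", "unique", "reverse",
      "numeric-sort", "ignore-case", "ignore-leading-blanks", "stable", "zero-terminated"]),
    valueFlags: new Set<string>(["k", "t", "key", "field-separator"]),
    patternFlags: new Set<string>(),
    maxPositionals: 0,
  },
  grep: {
    // grep's -o (only-matching) is harmless, unlike sort's -o; -r/-R/--recursive,
    // -f/--file and --include/--exclude are absent and therefore rejected.
    booleanFlags: new Set<string>(["i", "v", "c", "n", "w", "x", "o", "E", "F", "ignore-case",
      "invert-match", "count", "line-number", "word-regexp", "line-regexp",
      "only-matching", "extended-regexp", "fixed-strings"]),
    valueFlags: new Set<string>(["e", "m", "A", "B", "C", "regexp", "max-count"]),
    patternFlags: new Set<string>(["e", "regexp"]),
    maxPositionals: 1,
  },
};

// The kind of check CWE-184 describes: it knows two exact spellings and nothing else.
function denylistVerdict(argv: string[]): Verdict {
  const denied = new Set<string>(["-o", "-R"]);
  for (const tok of argv.slice(1)) {
    if (denied.has(tok)) return { allowed: false, reason: `flag ${tok} is denied` };
  }
  return { allowed: true };
}

// Allowlist check: every token must be a known flag, the value of a known flag, "-" (stdin),
// or one of the permitted positional operands. Anything else fails closed.
function allowlistVerdict(argv: string[]): Verdict {
  const bin = argv[0] ?? "";
  const args = argv.slice(1);
  const policy = STDIN_ONLY_POLICIES[bin];
  if (!policy) return { allowed: false, reason: `${bin} is not a safe bin` };
  const deny = (reason: string): Verdict => ({ allowed: false, reason: `${bin}: ${reason}` });

  let positionals = 0;
  let patternViaFlag = false;
  for (let i = 0; i < args.length; i++) {
    const tok = args[i] ?? "";
    if (tok === "-") continue;                       // explicit stdin operand
    if (tok === "--") {                              // everything after "--" is an operand
      positionals += args.length - i - 1;
      break;
    }
    if (tok.startsWith("--")) {                      // long option, possibly --name=value
      const eq = tok.indexOf("=");
      const name = eq === -1 ? tok.slice(2) : tok.slice(2, eq);
      if (policy.booleanFlags.has(name) && eq === -1) continue;
      if (policy.valueFlags.has(name)) {
        if (policy.patternFlags.has(name)) patternViaFlag = true;
        if (eq === -1 && ++i >= args.length) return deny(`--${name} needs a value`);
        continue;
      }
      return deny(`--${name} is not allowlisted`);
    }
    if (tok.startsWith("-")) {                       // short option or cluster such as -un
      const first = tok.charAt(1);
      if (policy.valueFlags.has(first)) {            // -k2 (attached) or -k 2 (separate)
        if (policy.patternFlags.has(first)) patternViaFlag = true;
        if (tok.length === 2 && ++i >= args.length) return deny(`-${first} needs a value`);
        continue;
      }
      for (const letter of tok.slice(1).split("")) {
        if (!policy.booleanFlags.has(letter)) return deny(`-${letter} is not allowlisted`);
      }
      continue;
    }
    positionals++;                                   // bare operand: pattern first, then files
  }
  const allowedPositionals = patternViaFlag ? 0 : policy.maxPositionals;
  if (positionals > allowedPositionals) return deny("file operands are not permitted (stdin only)");
  return { allowed: true };
}
```

The point of the contrast is that `denylistVerdict` passes `sort --output=/some/file`, `sort -uo file`, `grep -r` and `grep --recursive` because it only recognises `-o` and `-R` as literal tokens, whereas `allowlistVerdict` rejects every spelling it was not explicitly told is harmless, including clustered short flags, `--name=value` forms, `grep -f` (which reads patterns from a file) and any bare operand that would name a file. Unknown flags in the allowlist version fail closed, which is the safe default for a policy whose purpose is to keep the binary on stdin.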
## Fix Commit(s)
- `cfe8457a0f067c89cb8f0a3684f619bc2b73d680`
Found using [MCPwner](https://github.com/Pigyon/MCPwner)
Thanks @nedlir for reporting.
GHSA CVSS 3.1 base score: 3.6
Vulnerability type
- CWE-78: OS Command Injection
- CWE-184: Incomplete List of Disallowed Inputs
Published: 19 Feb 2026 · Updated: 7 Mar 2026 · First seen: 6 Mar 2026