CVSS 4.0 score: 6.9

OpenClaw: Malicious Binary Can Be Executed in Trusted Path

GHSA-qhrr-grqp-6x2g
Summary

OpenClaw has a weakness that lets an attacker trick it into running a malicious program in place of a trusted one. The problem arises when the system relies on its 'safe bins' feature and an attacker can influence where those trusted binaries are looked up. The OpenClaw developers are releasing a new version that closes this gap; if you use OpenClaw, update to that version as soon as it's available.

What to do
  • Update openclaw to version 2026.2.22.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| – | openclaw | <= 2026.2.22 | 2026.2.22 |
Original title
OpenClaw's tools.exec.safeBins trusted PATH directories allowed binary shadowing in allowlist mode
Original description
### Summary
In `openclaw` allowlist mode, `tools.exec.safeBins` trusted PATH-derived directories for safe-bin resolution. A same-name binary placed in a trusted PATH directory could satisfy safe-bin checks and execute.

### Impact
This is an allowlist bypass in exec policy that can lead to command execution in the OpenClaw runtime context when allowlist mode relies on safe bins and an attacker can influence trusted binary locations.

### Affected Packages / Versions
- Package: `openclaw` (npm)
- Vulnerable versions: `<= 2026.2.21-2`
- Patched versions: `>= 2026.2.22` (planned next release)
- Latest published npm version at triage time (2026-02-22): `2026.2.21-2`

### Root Cause
- Safe-bin trust accepted PATH-derived directories instead of explicit trusted directories.
- Safe-bin execution used shell command tokens that could resolve to shadowed binaries.

### Remediation
- Stop trusting PATH-derived directories for safe-bin trust.
- Add explicit `tools.exec.safeBinTrustedDirs` for opt-in extra trusted paths.
- Pin safe-bin shell execution to resolved absolute executable paths.

### Fix Commit(s)
- `64b273a71cf0b2f2419c974832cede1fc2158729`

### Release Process Note
`patched_versions` is pre-set to the planned next release (`2026.2.22`). After npm release, this advisory is ready for publish without additional field edits.

OpenClaw thanks @tdjackey for reporting.
Source: GHSA · CVSS 4.0: 6.9
Vulnerability type
CWE-426 (Untrusted Search Path)
Published: 3 Mar 2026 · Updated: 7 Mar 2026 · First seen: 6 Mar 2026