Description
OpenClaw versions prior to 2026.2.22 contain an allowlist bypass vulnerability in the safeBins configuration that allows attackers to invoke external helpers through the compress-program option. When sort is explicitly added to tools.exec.safeBins, remote attackers can bypass intended safe-bin approval constraints by leveraging the compress-program parameter to execute unauthorized external programs.
Published: 2026-03-18
Score: 7.1 High
EPSS: < 1% Very Low
KEV: No
Impact: Remote Code Execution
Action: Immediate Patch
AI Analysis

Impact

OpenClaw versions before 2026.2.22 contain an allowlist bypass in the safeBins configuration that lets an attacker invoke external helpers through the compress-program option. The vulnerability enables the execution of arbitrary external programs, effectively providing remote code execution capability. The weakness is categorized as CWE-78, indicating improper command/OS execution.

Affected Systems

Affected vendor: OpenClaw. Product: OpenClaw. All releases prior to 2026.2.22 are vulnerable. The specific configuration change that triggers the issue is the addition of the "sort" tool to tools.exec.safeBins.

Risk and Exploitability

The CVSS base score is 7.1, indicating a high severity. EPSS is not available, so the likelihood of automated exploitation is uncertain. The vulnerability is not listed in the CISA KEV catalog. The likely attack vector is remote, as the description states that remote attackers can bypass the safe-bin approval constraints via the compress-program parameter. Exploitation requires the ability to modify or influence the configuration, which may be possible for attackers with system configuration access or via exposed APIs.

Generated by OpenCVE AI on March 18, 2026 at 03:24 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade OpenClaw to version 2026.2.22 or later.
  • Verify that the sort tool is not present in the tools.exec.safeBins configuration after the upgrade.

Generated by OpenCVE AI on March 18, 2026 at 03:24 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Github GHSA Github GHSA GHSA-vmqr-rc7x-3446 OpenClaw's non-default safeBins sort configuration can bypass intended allowlist approval constraints
History

Wed, 25 Mar 2026 15:00:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 6.4, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H'}

 cvssV3_1

{'score': 6.7, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H'}

Wed, 18 Mar 2026 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Wed, 18 Mar 2026 02:15:00 +0000

Type Values Removed Values Added
Description OpenClaw versions prior to 2026.2.22 contain an allowlist bypass vulnerability in the safeBins configuration that allows attackers to invoke external helpers through the compress-program option. When sort is explicitly added to tools.exec.safeBins, remote attackers can bypass intended safe-bin approval constraints by leveraging the compress-program parameter to execute unauthorized external programs.
Title OpenClaw < 2026.2.22 - Allowlist Bypass via sort Configuration in safeBins
First Time appeared Openclaw
Openclaw openclaw
Weaknesses CWE-78
CPEs cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*
Vendors & Products Openclaw
Openclaw openclaw
References
Metrics cvssV3_1

{'score': 6.4, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H'}

cvssV4_0

{'score': 7.1, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Openclaw Openclaw
cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-03-25T14:32:16.170Z

Reserved: 2026-01-06T16:47:17.179Z

Link: CVE-2026-22169

cve-icon Vulnrichment

Updated: 2026-03-18T14:04:54.025Z

cve-icon NVD

Status : Modified

Published: 2026-03-18T02:16:20.893

Modified: 2026-03-25T15:16:35.977

Link: CVE-2026-22169

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-24T10:53:46Z

Weaknesses