Description
OpenClaw versions prior to 2026.2.22 contain an allowlist bypass vulnerability in the safe-bin configuration when sort is manually added to tools.exec.safeBins. Attackers can invoke sort with the --compress-program flag to execute arbitrary external programs without operator approval in allowlist mode with ask=on-miss enabled.
Published: 2026-03-19
Score: 5.8 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Remote Code Execution
Action: Patch Now
AI Analysis

Impact

OpenClaw versions prior to 2026.2.22 contain an allowlist bypass flaw in the safe-bin configuration. When the sort utility is manually added to tools.exec.safeBins, an attacker can use the --compress-program flag to execute arbitrary external programs without operator approval. This vulnerability is categorized as CWE-78, indicating a command injection issue that can lead to arbitrary code execution within the context of the running application.

Affected Systems

The affected product is OpenClaw from the vendor OpenClaw. All installations running OpenClaw versions prior to 2026.2.22 are susceptible; the 2026.2.22 release is the first that is not affected.

Risk and Exploitability

The CVSS score for this issue is 5.8, representing moderate severity. No EPSS score is available, and the vulnerability is not listed in the CISA KEV catalog. Exploitation requires that an attacker can invoke the sort utility within the application’s environment; no additional privilege escalation or external network exposure is required beyond that capability. The likely attack vector is an attacker who controls job or configuration inputs to the OpenClaw system, using sort’s --compress-program option to run malicious commands.

Generated by OpenCVE AI on March 19, 2026 at 23:24 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update OpenClaw to version 2026.2.22 or later to eliminate the allowlist bypass.
  • Verify the tools.exec.safeBins configuration and remove or restrict the entry for sort if it is not required.
  • Ensure the ask=on-miss setting is set to off or otherwise configured to prevent unrestricted execution.
  • Monitor logs for unexpected invocations of sort with the --compress-program flag to detect potential exploitation attempts.
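The last two actions amount to treating sort as unsafe whenever it carries --compress-program. As an added illustration (not OpenCVE's or OpenClaw's code), the gate below decides whether an argv may be auto-approved under a safe-bin allowlist like tools.exec.safeBins, and turns a sort invocation that carries that option into an allowlist miss so that, with ask=on-miss, it goes to the operator instead; the function names and the argv samples are hypothetical.

```javascript
// Added example, not OpenClaw's own code. A "safe bin" is a program assumed
// harmless to run without asking the operator; sort breaks that assumption
// because --compress-program hands control to an arbitrary external program.
// The gate treats such an invocation as an allowlist miss. Hypothetical names.

// Options of coreutils sort that make it execute another program.
const SORT_EXEC_OPTIONS = ["compress-program"];

// True when `arg` is a long option selecting one of SORT_EXEC_OPTIONS.
// GNU getopt_long accepts any unambiguous prefix of a long option name
// (e.g. --compress-prog=...), so match prefixes of length >= 2 rather than
// only the exact spelling; "--c" alone is ambiguous with --check and is
// rejected by getopt itself, so it is not flagged here.
function selectsExecOption(arg) {
  if (!arg.startsWith("--")) return false;
  const name = arg.slice(2).split("=", 1)[0];
  return name.length >= 2 && SORT_EXEC_OPTIONS.some((o) => o.startsWith(name));
}

// Returns { autoApprove: boolean, reason: string } for one argv. Anything
// that is not auto-approved is an allowlist miss and is routed to ask=on-miss.
function decide(argv, safeBins) {
  if (argv.length === 0) return { autoApprove: false, reason: "empty command" };
  const bin = argv[0].split("/").pop(); // /usr/bin/sort and sort are the same binary
  if (!safeBins.includes(bin)) {
    return { autoApprove: false, reason: `${bin} is not in safeBins` };
  }
  if (bin === "sort") {
    for (const arg of argv.slice(1)) {
      if (arg === "--") break; // end of options: everything after is a file name
      if (selectsExecOption(arg)) {
        return {
          autoApprove: false,
          reason: "sort --compress-program runs an external program; ask the operator",
        };
      }
    }
  }
  return { autoApprove: true, reason: `${bin} is a safe bin` };
}

// Constructed sample: sort manually added to the allowlist, as in the advisory.
const safeBins = ["cat", "wc", "sort"];
console.log(decide(["sort", "-u", "input.txt"], safeBins));
console.log(decide(["/usr/bin/sort", "--compress-program=gzip", "big.txt"], safeBins));
```

Plain sort invocations stay auto-approved; the second sample, and the separate-argument form `--compress-program gzip`, are sent to the operator.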


Advisories
Source: GitHub GHSA
ID: GHSA-4gc7-qcvf-38wg
Title: In OpenClaw, manually adding sort to tools.exec.safeBins could bypass allowlist approval via --compress-program
History

Fri, 20 Mar 2026 19:15:00 +0000

Values added:
Metrics (ssvc): {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Thu, 19 Mar 2026 22:15:00 +0000

Values added:
Description: OpenClaw versions prior to 2026.2.22 contain an allowlist bypass vulnerability in the safe-bin configuration when sort is manually added to tools.exec.safeBins. Attackers can invoke sort with the --compress-program flag to execute arbitrary external programs without operator approval in allowlist mode with ask=on-miss enabled.
Title: OpenClaw < 2026.2.22 - Allowlist Bypass via sort --compress-program Parameter
First time appeared: Openclaw (vendor), openclaw (product)
Weaknesses: CWE-78
CPEs: cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*
Vendors & Products: Openclaw (vendor), openclaw (product)
References:
Metrics (cvssV3_1): {'score': 6.3, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H'}
Metrics (cvssV4_0): {'score': 5.8, 'vector': 'CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-03-20T18:22:07.024Z

Reserved: 2026-03-10T19:48:38.210Z

Link: CVE-2026-32010

Vulnrichment

Updated: 2026-03-20T18:21:17.105Z

NVD

Status: Analyzed

Published: 2026-03-19T22:16:33.990

Modified: 2026-03-23T18:29:04.230

Link: CVE-2026-32010

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-20T11:05:34Z

Weaknesses
  • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')