Description
OpenClaw versions prior to 2026.2.21 contain a stdin-only policy bypass vulnerability in the grep tool within tools.exec.safeBins that allows attackers to read arbitrary files by supplying a pattern via the -e flag parameter. Attackers can include a positional filename operand to bypass file access restrictions and read sensitive files .env from the working directory.
Published: 2026-03-19
Score: 6 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Arbitrary File Read
Action: Apply Patch
AI Analysis

Impact

OpenClaw versions before 2026.2.21 contain a vulnerability in the grep command used by tools.exec.safeBins. By providing a pattern via the -e flag, an attacker can bypass the tool’s stdin‑only policy and supply a positional filename operand, enabling read access to any file in the working directory, such as .env that often holds credentials. The flaw is a CWE‑184 (Arbitrary File Read) that can compromise confidentiality of sensitive information.

Affected Systems

Affected systems include the OpenClaw product, all releases before 2026.2.21. The vulnerability is present in the grep binary packaged within the tools.exec.safeBins module. No other vendors or products are listed in the CNA data.

Risk and Exploitability

The CVSS score is 6.0, indicating a moderate severity. EPSS data is unavailable and the vulnerability is not listed in CISA’s KEV catalog, suggesting limited known exploitation. The attack vector is inferred to be local or application‑level, as the exploit requires the ability to invoke the grep tool with arbitrary flags. If an attacker can leverage the affected functionality, they can read any readable file, potentially leading to credential theft or other security breaches.

Generated by OpenCVE AI on March 19, 2026 at 23:39 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade OpenClaw to version 2026.2.21 or later to remove the grep policy bypass.
  • If an upgrade is not immediately possible, restrict or remove use of the grep tool in tools.exec.safeBins to prevent arbitrary file reads.
  • Monitor application logs for unexpected file read patterns and audit accesses to sensitive files such as .env.

Generated by OpenCVE AI on March 19, 2026 at 23:39 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Github GHSA Github GHSA GHSA-3xfw-4pmr-4xc5 OpenClaw safeBins grep -e File Read Bypass (stdin-only policy bypass)
History

Wed, 25 Mar 2026 15:00:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N'}

 cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N'}

Sat, 21 Mar 2026 05:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 19 Mar 2026 22:15:00 +0000

Type Values Removed Values Added
Description OpenClaw versions prior to 2026.2.21 contain a stdin-only policy bypass vulnerability in the grep tool within tools.exec.safeBins that allows attackers to read arbitrary files by supplying a pattern via the -e flag parameter. Attackers can include a positional filename operand to bypass file access restrictions and read sensitive files .env from the working directory.
Title OpenClaw < 2026.2.21 - Arbitrary File Read via grep -e Flag Policy Bypass
First Time appeared Openclaw
Openclaw openclaw
Weaknesses CWE-184
CPEs cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*
Vendors & Products Openclaw
Openclaw openclaw
References
Metrics cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N'}

cvssV4_0

{'score': 6, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N'}

Subscriptions

Openclaw Openclaw
cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-03-25T14:28:22.113Z

Reserved: 2026-03-10T19:48:40.708Z

Link: CVE-2026-32022

cve-icon Vulnrichment

Updated: 2026-03-21T03:17:54.043Z

cve-icon NVD

Status : Modified

Published: 2026-03-19T22:16:36.310

Modified: 2026-03-25T15:16:44.980

Link: CVE-2026-32022

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-20T10:44:30Z

Weaknesses