Description
OpenClaw versions prior to 2026.2.21 contain a stdin-only policy bypass vulnerability in the grep tool within tools.exec.safeBins that allows attackers to read arbitrary files by supplying a pattern via the -e flag parameter. Attackers can include a positional filename operand to bypass file access restrictions and read sensitive files.env from the working directory.
Published: 2026-03-19
Score: 6 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

OpenClaw versions prior to 2026.2.21 contain a stdin‑only policy bypass in the grep tool inside tools.exec.safeBins that lets attackers read arbitrary files. By supplying a pattern via the -e flag and a positional filename operand, the attacker bypasses file access restrictions and can read sensitive files, such as .env, from the working directory. This is a CWE‑184 vulnerability that can compromise confidentiality.

Affected Systems

Affected systems include the OpenClaw product, all releases before 2026.2.21. The vulnerability is present in the grep binary packaged within the tools.exec.safeBins module. No other vendors or products are listed in the CNA data.

Risk and Exploitability

The CVSS score is 6.0, indicating a moderate severity. The EPSS score is < 1%, and the vulnerability is not listed in CISA’s KEV catalog, suggesting limited known exploitation. The attack vector is inferred to be local or application‑level, as the exploit requires the ability to invoke the grep tool with arbitrary flags. If an attacker can leverage the affected functionality, they can read any readable file, potentially leading to credential theft or other security breaches.

Generated by OpenCVE AI on May 26, 2026 at 15:45 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade OpenClaw to version 2026.2.21 or later to remove the grep policy bypass.
  • If an upgrade is not immediately possible, restrict or remove use of the grep tool in tools.exec.safeBins to prevent arbitrary file reads.
  • Monitor application logs for unexpected file read patterns and audit accesses to sensitive files such as .env.

Generated by OpenCVE AI on May 26, 2026 at 15:45 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Github GHSA Github GHSA GHSA-3xfw-4pmr-4xc5 OpenClaw safeBins grep -e File Read Bypass (stdin-only policy bypass)
History

Tue, 26 May 2026 13:45:00 +0000

Type Values Removed Values Added
Description OpenClaw versions prior to 2026.2.21 contain a stdin-only policy bypass vulnerability in the grep tool within tools.exec.safeBins that allows attackers to read arbitrary files by supplying a pattern via the -e flag parameter. Attackers can include a positional filename operand to bypass file access restrictions and read sensitive files .env from the working directory. OpenClaw versions prior to 2026.2.21 contain a stdin-only policy bypass vulnerability in the grep tool within tools.exec.safeBins that allows attackers to read arbitrary files by supplying a pattern via the -e flag parameter. Attackers can include a positional filename operand to bypass file access restrictions and read sensitive files.env from the working directory.

Wed, 25 Mar 2026 15:00:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N'}

 cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N'}

Sat, 21 Mar 2026 05:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 19 Mar 2026 22:15:00 +0000

Type Values Removed Values Added
Description OpenClaw versions prior to 2026.2.21 contain a stdin-only policy bypass vulnerability in the grep tool within tools.exec.safeBins that allows attackers to read arbitrary files by supplying a pattern via the -e flag parameter. Attackers can include a positional filename operand to bypass file access restrictions and read sensitive files .env from the working directory.
Title OpenClaw < 2026.2.21 - Arbitrary File Read via grep -e Flag Policy Bypass
First Time appeared Openclaw
Openclaw openclaw
Weaknesses CWE-184
CPEs cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*
Vendors & Products Openclaw
Openclaw openclaw
References
Metrics cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N'}

cvssV4_0

{'score': 6, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N'}

Subscriptions

Openclaw Openclaw
cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-05-27T14:52:19.879Z

Reserved: 2026-03-10T19:48:40.708Z

Link: CVE-2026-32022

cve-icon Vulnrichment

Updated: 2026-03-21T03:17:54.043Z

cve-icon NVD

Status : Modified

Published: 2026-03-19T22:16:36.310

Modified: 2026-05-26T14:16:32.123

Link: CVE-2026-32022

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-26T16:00:11Z

Weaknesses
  • CWE-184

    Incomplete List of Disallowed Inputs