Description
OpenClaw safeBins file-existence oracle information disclosure
An information disclosure vulnerability in OpenClaw's tools.exec.safeBins approval flow allowed a file-existence oracle.
When safe-bin validation examined candidate file paths, command allow/deny behavior could differ depending on whether a path already existed on the host filesystem. An attacker could therefore probe for file presence by comparing the outcomes for existing and non-existing filenames.
Affected Packages / Versions
- Package: openclaw (npm)
- Affected versions: <= 2026.2.17
- Latest published vulnerable version at triage time: 2026.2.17
- Planned patched version: 2026.2.18
Impact
Attackers with access to this execution surface could infer whether specific files exist (for example secrets/config files), enabling filesystem enumeration and improving follow-on attack planning.
Fix
The safe-bin policy was changed to deterministic argv-only validation with no host file-existence checks. File-oriented flags are blocked in safe-bin mode (for example sort -o, jq -f, grep -f), and trusted-path checks remain enforced.
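To make the argv-only rule concrete, the following is an added illustration written for this page; it is not OpenClaw's code and not the contents of the fix commit. The names (SAFE_BIN_FILE_FLAGS, TRUSTED_BIN_DIRS, validateSafeBinArgv, oracleStyleCheck) and the per-binary flag lists are assumptions. The hardened validator decides purely from the argv array, so two commands that differ only in a filename always get the same verdict; the oracle-style checker beside it models the vulnerable class of behavior, with host state injected as a predicate so the example runs offline.

```javascript
// Added example (not OpenClaw's code). Every identifier and policy table below is a
// hypothetical assumption made for illustration.

// Flags that make each safe bin read from or write to a path named by the caller.
// Short flags are kept as single letters so bundled forms like `grep -nf LIST` are caught.
const SAFE_BIN_FILE_FLAGS = {
  sort: { short: ["o"], long: ["--output", "--files0-from"] },
  jq:   { short: ["f"], long: ["--from-file", "--rawfile", "--slurpfile"] },
  grep: { short: ["f"], long: ["--file"] },
};

// Directories a fully qualified binary path may live in (assumed trusted-path policy).
const TRUSTED_BIN_DIRS = ["/usr/bin", "/bin", "/usr/local/bin"];

// Lexical split of "/usr/bin/jq" into directory and basename; no filesystem access.
function splitPath(p) {
  const i = p.lastIndexOf("/");
  return i < 0 ? { dir: null, base: p } : { dir: p.slice(0, i) || "/", base: p.slice(i + 1) };
}

// Hardened form: a pure function of argv. Identical argv always yields an identical
// verdict, so allow/deny reveals nothing about which files exist on the host.
function validateSafeBinArgv(argv) {
  if (!Array.isArray(argv) || argv.length === 0) {
    return { ok: false, reason: "empty argv" };
  }
  const { dir, base } = splitPath(argv[0]);
  const policy = SAFE_BIN_FILE_FLAGS[base];
  if (!policy) return { ok: false, reason: `${base} is not a safe bin` };

  // Trusted-path check is a string comparison on the directory, never a stat().
  if (dir !== null && !TRUSTED_BIN_DIRS.includes(dir)) {
    return { ok: false, reason: `binary path ${argv[0]} is not in a trusted directory` };
  }

  for (const arg of argv.slice(1)) {
    if (arg === "--") break;                       // everything after is an operand
    if (!arg.startsWith("-") || arg === "-") continue;
    if (arg.startsWith("--")) {
      const name = arg.split("=", 1)[0];           // handles --output=FILE and --output FILE
      if (policy.long.includes(name)) return { ok: false, reason: `file flag ${name} blocked` };
      continue;
    }
    // Short option cluster: -o, -oFILE, -nf ... Conservative: any blocked letter denies.
    for (const letter of arg.slice(1)) {
      if (policy.short.includes(letter)) return { ok: false, reason: `file flag -${letter} blocked` };
    }
  }
  return { ok: true, reason: "argv-only policy satisfied" };
}

// Model of the vulnerable behavior class (hypothetical, not the real pre-fix code): the
// verdict also consults host state. `exists` is injected for the offline example; on a
// real host it would be something like fs.existsSync. Because the outcome now depends on
// whether an operand names an existing file, comparing verdicts for two filenames
// tells the caller which one exists.
function oracleStyleCheck(argv, exists) {
  const base = validateSafeBinArgv(argv);
  if (!base.ok) return base;
  for (const arg of argv.slice(1)) {
    if (arg.startsWith("/") && !exists(arg)) {
      return { ok: false, reason: `${arg} does not exist` };
    }
  }
  return { ok: true, reason: "operands exist" };
}

// Probe helper: does the verdict change when only the filename changes?
function verdictLeaksExistence(check, argvExisting, argvMissing) {
  return check(argvExisting).ok !== check(argvMissing).ok;
}
```

On constructed host state where only /etc/shadow exists, `verdictLeaksExistence` returns true for the oracle-style checker and false for the argv-only validator, which is exactly the discrepancy the fix removes. The validator still denies `sort -o out`, `grep -nf list x`, `sort --output=/tmp/out a` and binaries outside the trusted directories, so the file-flag and trusted-path controls are preserved without touching the filesystem.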
Fix Commit(s)
bafdbb6f112409a65decd3d4e7350fbd637c7754
Found using MCPwner
Thanks @nedlir for reporting.
Packages
- Package: openclaw
- Affected versions: <= 2026.2.17
- Fixed version: 2026.2.19
Related vulnerabilities
A vulnerability was identified in OpenClaw up to 2026.2.17. This issue affects the function tools.exec.safeBins of the component File Existence Handler. The manipulation leads to information exposure through discrepancy. The attack needs to be performed locally. Upgrading to version 2026.2.19-beta.1 addresses this issue. The identifier of the patch is bafdbb6f112409a65decd3d4e7350fbd637c7754. Upgrading the affected component is advised.