CVE-2026-4040

Опубликовано: 12 мар. 2026

Источник: nvd

CVSS3: 3.3

CVSS3: 5.5

CVSS2: 1.7

EPSS Низкий

Описание

A vulnerability was identified in OpenClaw up to 2026.2.17. This issue affects the function tools.exec.safeBins of the component File Existence Handler. The manipulation leads to information exposure through discrepancy. The attack needs to be performed locally. Upgrading to version 2026.2.19-beta.1 is capable of addressing this issue. The identifier of the patch is bafdbb6f112409a65decd3d4e7350fbd637c7754. Upgrading the affected component is advised.

Ссылки

https://github.com/openclaw/openclaw/
Product
https://github.com/openclaw/openclaw/commit/bafdbb6f112409a65decd3d4e7350fbd637c7754
Patch
https://github.com/openclaw/openclaw/releases/tag/v2026.2.19-beta.1
Release Notes
https://github.com/openclaw/openclaw/security/advisories/GHSA-6c9j-x93c-rw6j
Vendor Advisory
https://vuldb.com/?ctiid.350652
Permissions Required
VDB Entry
https://vuldb.com/?id.350652
Third Party Advisory
VDB Entry
https://vuldb.com/?submit.769581
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*

Версия от 2026.2.0 (включая) до 2026.2.19 (исключая)

EPSS

Процентиль: 3%

0.00014

Низкий

3.3 Low

CVSS3

5.5 Medium

CVSS3

1.7 Low

CVSS2

Дефекты

CWE-200

Связанные уязвимости

GHSA-6c9j-x93c-rw6j

CVSS3: 4.3

github

около 2 месяцев назад

OpenClaw safeBins file-existence oracle information disclosure

EPSS

Процентиль: 3%

0.00014

Низкий

3.3 Low

CVSS3

5.5 Medium

CVSS3

1.7 Low

CVSS2

Дефекты

CWE-200