Untriaged
CVE-2026-22169
CVSS base score: 6.4 MEDIUM
- CVSS version: 3.1
- Attack vector (AV): LOCAL
- Attack complexity (AC): HIGH
- Privileges required (PR): HIGH
- User interaction (UI): NONE
- Scope (S): UNCHANGED
- Confidentiality impact (C): HIGH
- Integrity impact (I): HIGH
- Availability impact (A): HIGH
OpenClaw < 2026.2.22 - Allowlist Bypass via sort Configuration in safeBins
OpenClaw versions prior to 2026.2.22 contain an allowlist bypass in the safeBins configuration. When sort is explicitly added to tools.exec.safeBins, remote attackers can use sort's compress-program option to invoke external helper programs, bypassing the intended safe-bin approval constraints and executing unauthorized external programs.
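As an added illustration of the defensive check such an advisory implies (this is not OpenClaw's code, and the function name and return shape are assumptions), the validator below inspects the argv of an allowlisted sort invocation and refuses any argument that could reach the compress-program option. It also covers the GNU getopt_long behaviour of accepting unambiguous abbreviations of long option names, so a shortened spelling of the option is rejected too.

```typescript
// Added example: a conservative argument check for an allowlisted `sort` binary.
// Not OpenClaw's code; `checkSortArgv` and `SafeBinVerdict` are hypothetical names.
// GNU sort's --compress-program option makes sort spawn an external helper, so
// an allowlist that admits sort must not let that option through.

const HELPER_SPAWNING_LONG_OPTION = "compress-program";

interface SafeBinVerdict {
  allowed: boolean;
  reason?: string;
}

function checkSortArgv(argv: string[]): SafeBinVerdict {
  for (const arg of argv) {
    // "--" terminates option parsing; everything after it is a file operand.
    if (arg === "--") break;
    if (!arg.startsWith("--")) continue;
    // "--name=value" and "--name value" both start with the bare option name.
    const name = arg.slice(2).split("=", 1)[0];
    // GNU getopt_long accepts unambiguous abbreviations ("--comp", "--compress"),
    // so every prefix of the dangerous option name is rejected. This is
    // deliberately conservative: a prefix sort itself would report as ambiguous
    // (e.g. "--c") is refused as well.
    if (name.length > 0 && HELPER_SPAWNING_LONG_OPTION.startsWith(name)) {
      return { allowed: false, reason: `option ${arg} can spawn an external program` };
    }
  }
  return { allowed: true };
}
```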
References
- GitHub Security Advisory GHSA-vmqr-rc7x-3446 (third-party-advisory)
- Patch commit (patch)
- VulnCheck Advisory: OpenClaw < 2026.2.22 - Allowlist Bypass via sort Configuration in safeBins (third-party-advisory)
Affected products
OpenClaw
- <2026.2.22
Package maintainers
- @chrisportela Chris Portela <chris@chrisportela.com>