Description

A vulnerability was identified in OpenClaw up to 2026.2.17. It affects the function tools.exec.safeBins of the component File Existence Handler. Manipulation leads to information exposure through discrepancy. The attack must be performed locally. Upgrading to version 2026.2.19-beta.1 addresses this issue. The patch identifier is bafdbb6f112409a65decd3d4e7350fbd637c7754. Upgrading the affected component is advised.

PUBLISHED Reserved 2026-03-12 | Published 2026-03-12 | Updated 2026-03-12 | Assigner VulDB




MEDIUM: 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X
LOW: 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:X/RL:O/RC:C
LOW: 3.3 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:X/RL:O/RC:C
1.7 AV:L/AC:L/Au:S/C:P/I:N/A:N/E:ND/RL:OF/RC:C

Problem types

Information Exposure Through Discrepancy

Information Disclosure

Timeline

2026-03-12: Advisory disclosed
2026-03-12: VulDB entry created
2026-03-12: VulDB entry last update

Credits

nedlir (VulDB User) reporter

References

vuldb.com/?id.350652 (VDB-350652 | OpenClaw File Existence tools.exec.safeBins information exposure) vdb-entry technical-description

vuldb.com/?ctiid.350652 (VDB-350652 | CTI Indicators (IOB, IOC, TTP, IOA)) signature permissions-required

vuldb.com/?submit.769581 (Submit #769581 | openclaw 2026.2.17 Information Disclosure) third-party-advisory

github.com/...enclaw/security/advisories/GHSA-6c9j-x93c-rw6j related

github.com/...ommit/bafdbb6f112409a65decd3d4e7350fbd637c7754 patch

github.com/openclaw/openclaw/releases/tag/v2026.2.19-beta.1 patch

github.com/openclaw/openclaw/ product

cve.org (CVE-2026-4040)

nvd.nist.gov (CVE-2026-4040)
