GHSA-QHRR-GRQP-6X2G

Vulnerability from github – Published: 2026-03-03 19:50 – Updated: 2026-03-03 19:50
VLAI
Summary
OpenClaw's tools.exec.safeBins trusted PATH directories allowed binary shadowing in allowlist mode
Details

Summary

In openclaw allowlist mode, tools.exec.safeBins trusted PATH-derived directories for safe-bin resolution. A same-name binary placed in a trusted PATH directory could satisfy safe-bin checks and execute.

Impact

This is an allowlist bypass in exec policy that can lead to command execution in the OpenClaw runtime context when allowlist mode relies on safe bins and an attacker can influence trusted binary locations.

Affected Packages / Versions

  • Package: openclaw (npm)
  • Vulnerable versions: <= 2026.2.21-2
  • Patched versions: >= 2026.2.22 (planned next release)
  • Latest published npm version at triage time (2026-02-22): 2026.2.21-2

Root Cause

  • Safe-bin trust accepted PATH-derived directories instead of explicit trusted directories.
  • Safe-bin execution used shell command tokens that could resolve to shadowed binaries.

Remediation

  • Stop trusting PATH-derived directories for safe-bin trust.
  • Add explicit tools.exec.safeBinTrustedDirs for opt-in extra trusted paths.
  • Pin safe-bin shell execution to resolved absolute executable paths.

Fix Commit(s)

  • 64b273a71cf0b2f2419c974832cede1fc2158729

Release Process Note

patched_versions is pre-set to the planned next release (2026.2.22). After npm release, this advisory is ready for publish without additional field edits.

OpenClaw thanks @tdjackey for reporting.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "openclaw"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2026.2.22"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [],
  "database_specific": {
    "cwe_ids": [
      "CWE-426"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-03-03T19:50:45Z",
    "nvd_published_at": null,
    "severity": "MODERATE"
  },
  "details": "### Summary\nIn `openclaw` allowlist mode, `tools.exec.safeBins` trusted PATH-derived directories for safe-bin resolution. A same-name binary placed in a trusted PATH directory could satisfy safe-bin checks and execute.\n\n### Impact\nThis is an allowlist bypass in exec policy that can lead to command execution in the OpenClaw runtime context when allowlist mode relies on safe bins and an attacker can influence trusted binary locations.\n\n### Affected Packages / Versions\n- Package: `openclaw` (npm)\n- Vulnerable versions: `\u003c= 2026.2.21-2`\n- Patched versions: `\u003e= 2026.2.22` (planned next release)\n- Latest published npm version at triage time (2026-02-22): `2026.2.21-2`\n\n### Root Cause\n- Safe-bin trust accepted PATH-derived directories instead of explicit trusted directories.\n- Safe-bin execution used shell command tokens that could resolve to shadowed binaries.\n\n### Remediation\n- Stop trusting PATH-derived directories for safe-bin trust.\n- Add explicit `tools.exec.safeBinTrustedDirs` for opt-in extra trusted paths.\n- Pin safe-bin shell execution to resolved absolute executable paths.\n\n### Fix Commit(s)\n- `64b273a71cf0b2f2419c974832cede1fc2158729`\n\n### Release Process Note\n`patched_versions` is pre-set to the planned next release (`2026.2.22`). After npm release, this advisory is ready for publish without additional field edits.\n\nOpenClaw thanks @tdjackey for reporting.",
  "id": "GHSA-qhrr-grqp-6x2g",
  "modified": "2026-03-03T19:50:45Z",
  "published": "2026-03-03T19:50:45Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-qhrr-grqp-6x2g"
    },
    {
      "type": "WEB",
      "url": "https://github.com/openclaw/openclaw/commit/64b273a71cf0b2f2419c974832cede1fc2158729"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/openclaw/openclaw"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "OpenClaw\u0027s tools.exec.safeBins trusted PATH directories allowed binary shadowing in allowlist mode"
}



Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Loading…

Detection rules are retrieved from Rulezet.

Loading…

Loading…