OpenClaw Policy Bypass Vulnerability in SafeBins Allowlist Evaluation

Vulnerability

A policy bypass vulnerability has been identified in OpenClaw versions prior to 2026.2.24. The issue arises in the safeBins allowlist evaluation, which improperly trusts a static set of default directories, including writable package-manager paths such as /opt/homebrew/bin and /usr/local/bin. An attacker with write access to one of these directories can place a malicious binary named after an allowed executable; the allowlist evaluation then accepts it, leading to arbitrary command execution within the OpenClaw runtime context.

Impact

Exploitation of this vulnerability allows for a safeBins policy bypass, enabling unauthorized command execution in the OpenClaw runtime environment.

Reproduction

To reproduce this vulnerability, write a malicious binary into a trusted package-manager directory, such as /opt/homebrew/bin or /usr/local/bin. The binary must have the same name as an executable that is allowed by the safeBins policy. Once the binary is in place, execute a command that triggers the safeBins allowlist evaluation. The malicious binary will be executed instead of the intended one, demonstrating the policy bypass.

Remediation

Users should update to OpenClaw version 2026.2.24 or later, which addresses this vulnerability by restricting the default trusted directories to system paths and requiring explicit opt-in for package-manager paths.
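The following is an added illustration, not OpenClaw's own code: a hypothetical allowlist resolver that contrasts the pre-fix behaviour (first matching directory wins, package-manager paths trusted by default) with the remediated shape (system paths by default, package-manager paths only by opt-in), plus an ownership and writability check as extra defence in depth. The directory layout, file modes and binary name are constructed in a temporary directory so the scenario runs offline.

```python
import os
import stat
import tempfile

# Constructed defaults modelled on the advisory (not OpenClaw's actual lists):
# the weak set trusts writable package-manager paths, the hardened set does not.
WEAK_DEFAULT_DIRS = ["/usr/bin", "/bin", "/opt/homebrew/bin", "/usr/local/bin"]
HARDENED_DEFAULT_DIRS = ["/usr/bin", "/bin"]  # package-manager paths only via opt_in_dirs
GROUP_OR_WORLD_WRITABLE = stat.S_IWGRP | stat.S_IWOTH

def is_trustworthy(path, trusted_owners):
    """Extra hardening (my addition, not the advisory's fix): a directory or file is
    trusted only if owned by a trusted uid, not a symlink, and not group/world-writable."""
    try:
        st = os.lstat(path)
    except FileNotFoundError:
        return False
    return (not stat.S_ISLNK(st.st_mode) and st.st_uid in trusted_owners
            and not st.st_mode & GROUP_OR_WORLD_WRITABLE)

def resolve_safe_bin(name, default_dirs, opt_in_dirs=(), verify=True, trusted_owners=frozenset({0})):
    """Return the path an allowlisted bare name resolves to, or None.
    verify=False mirrors the pre-fix behaviour: the first directory with a match wins."""
    if not name or os.sep in name:
        return None  # allowlist entries are bare names, never paths
    for d in list(default_dirs) + list(opt_in_dirs):
        candidate = os.path.join(d, name)
        if not os.path.isfile(candidate):
            continue
        if not verify or (is_trustworthy(d, trusted_owners) and is_trustworthy(candidate, trusted_owners)):
            return candidate
    return None

def demo():
    """Constructed scenario in a temp dir: a 0755 'system' dir holds the real git,
    a group-writable 0775 package-manager dir holds a planted file of the same name."""
    root = tempfile.mkdtemp()
    system = os.path.join(root, "usr", "bin")
    pkg = os.path.join(root, "opt", "homebrew", "bin")
    for d, mode in ((system, 0o755), (pkg, 0o775)):
        os.makedirs(d)
        with open(os.path.join(d, "git"), "w") as f:
            f.write("#!/bin/sh\n")
        os.chmod(os.path.join(d, "git"), mode)
        os.chmod(d, mode)
    me = frozenset({os.geteuid()})  # temp files are owned by us, so trust our uid here
    return {
        "real": os.path.join(system, "git"),
        "planted": os.path.join(pkg, "git"),
        "weak": resolve_safe_bin("git", [pkg, system], verify=False, trusted_owners=me),  # planted copy wins
        "checked": resolve_safe_bin("git", [pkg, system], trusted_owners=me),  # writable dir skipped
        "hardened": resolve_safe_bin("git", [system], trusted_owners=me),  # pkg dir not searched at all
    }
```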

Added: Mar 19, 2026, 10:48 PM
Updated: Mar 19, 2026, 10:48 PM

Vulnerability Rating (Custom Algorithm)

  spread          0.0
  impact          7.5
  exploitability  3.9
  remediation     0.0
  relevance       4.1
  threat          4.8
  urgency         2.9
  incentive       0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.