OpenClaw Allowlist Bypass Vulnerability via Sort Compression Program Flag
Vulnerability
A vulnerability allowing allowlist bypass has been identified in OpenClaw versions prior to 2026.2.22. The issue arises in the safe-bin configuration when the 'sort' command is manually added to 'tools.exec.safeBins'. GNU sort's '--compress-program' flag names an external program that sort runs to compress its temporary files, so an attacker who can invoke 'sort' can use this flag to execute an arbitrary external program without operator approval. The bypass occurs in allowlist mode with 'ask=on-miss' enabled: because 'sort' is on the allowlist, the invocation is not treated as a miss and no approval prompt is raised, and the program runs under the OpenClaw process context.
Impact
Exploitation of this vulnerability could lead to unauthorized execution of external programs within the OpenClaw process, bypassing established approval mechanisms.
Reproduction
To reproduce this vulnerability, manually add 'sort' to the 'tools.exec.safeBins' configuration. Then, in an environment where 'security' is set to 'allowlist' and 'ask' is set to 'on-miss', invoke the 'sort' command with the '--compress-program' flag. The invocation bypasses the allowlist approval process and executes the specified program.
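The following Python script is an added example and is not part of the original advisory or of the OpenClaw project. From the defender's side, it does two things the advisory implies but does not spell out: it audits an OpenClaw configuration for the exact combination described above (security set to allowlist, ask set to on-miss, and 'sort' present in 'tools.exec.safeBins'), and it flags any exec command line that passes '--compress-program' to sort, including the abbreviated long-option spellings that GNU getopt_long accepts. The configuration dictionary and the command lines are constructed for the example; the key paths 'tools.exec.security' and 'tools.exec.ask' are assumed from the setting names the advisory uses.

```python
import os
import shlex

# Constructed sample configuration (assumption: OpenClaw's exec settings live under
# tools.exec with the keys security, ask and safeBins named in the advisory).
SAMPLE_CONFIG = {
    "tools": {
        "exec": {
            "security": "allowlist",
            "ask": "on-miss",
            "safeBins": ["cat", "wc", "sort"],
        }
    }
}

FIXED_VERSION = (2026, 2, 22)  # first release the advisory names as patched


def audit_safe_bins(config):
    """Return a list of findings for the advisory's vulnerable combination.

    The combination is: allowlist mode, ask=on-miss, and 'sort' manually added to
    tools.exec.safeBins. An empty list means the configuration does not match.
    """
    exec_cfg = config.get("tools", {}).get("exec", {})
    findings = []
    if (
        exec_cfg.get("security") == "allowlist"
        and exec_cfg.get("ask") == "on-miss"
        and "sort" in exec_cfg.get("safeBins", [])
    ):
        findings.append(
            "'sort' is listed in tools.exec.safeBins while security=allowlist and "
            "ask=on-miss; on OpenClaw versions before 2026.2.22, "
            "sort --compress-program runs an external program with no approval prompt"
        )
    return findings


def version_is_patched(version_string):
    """True if a dotted OpenClaw version is 2026.2.22 or later (assumes date-style X.Y.Z)."""
    try:
        parts = tuple(int(p) for p in version_string.split("."))
    except ValueError:
        return False
    return parts >= FIXED_VERSION


def sort_invokes_external_program(command_line):
    """True if the command line runs sort with --compress-program in any accepted form.

    GNU getopt_long accepts '--compress-program=PROG', '--compress-program PROG' and any
    unambiguous prefix of the option name; '--co' is already unambiguous for sort, so
    matching the literal string '--compress-program' alone would miss valid spellings.
    """
    try:
        argv = shlex.split(command_line)
    except ValueError:
        return False  # unbalanced quotes: the shell would reject this line anyway
    if not argv or os.path.basename(argv[0]) != "sort":
        return False
    for arg in argv[1:]:
        if arg == "--":
            break  # everything after '--' is a file operand, not an option
        if not arg.startswith("--"):
            continue
        name = arg[2:].split("=", 1)[0]
        if len(name) >= 3 and "compress-program".startswith(name):
            return True
    return False


if __name__ == "__main__":
    for finding in audit_safe_bins(SAMPLE_CONFIG):
        print("FINDING:", finding)
    # Constructed command lines as an exec-tool log might record them.
    for line in ["sort -n data.txt", "sort --compress-program=gzip big.txt"]:
        print(f"{line!r:45} external program: {sort_invokes_external_program(line)}")
```

The audit reports a finding only when all three conditions hold, matching the advisory's scope; removing 'sort' from safeBins or upgrading past 2026.2.22 clears it. The command-line check is intended for reviewing exec-tool logs after the fact, not as a replacement for the upstream fix.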
Remediation
Update to OpenClaw version 2026.2.22 or later, where this vulnerability has been patched.