OpenClaw Path Hijacking Vulnerability in SafeBins Allowlist Bypass

Vulnerability

A path hijacking vulnerability has been identified in OpenClaw versions from 2026.1.21 up to, but not including, 2026.2.19. It resides in the 'tools.exec.safeBins' feature: the allowlist is satisfied by the executable's name, while the binary actually run is whatever the process PATH resolves that name to. An attacker who can influence the gateway process PATH or its launch environment can therefore place a trojan binary carrying an allowlisted name, such as 'jq', earlier in the search order and have it executed in place of the genuine tool, circumventing the executable validation control.

Impact

Successful exploitation lets an attacker run an unauthorized binary of their choosing under an allowlisted name, in the context of the OpenClaw gateway, bypassing the safeBins validation that was meant to restrict which executables the gateway may launch.

Reproduction

To reproduce this vulnerability, place a trojan binary named 'jq' in a directory under your control and set the process PATH or launch environment of the gateway so that this directory precedes the one holding the genuine 'jq'. Then start the OpenClaw gateway. When the gateway runs 'jq' through the safeBins path, the trojan binary is executed instead, and the allowlist validation does not detect the substitution.

Remediation

Users should update to OpenClaw version 2026.2.19 or later, where this vulnerability has been patched. Until the update is applied, start the gateway from a launch environment whose PATH contains only trusted directories that untrusted users cannot write to, so that no attacker-controlled directory can shadow an allowlisted name.

Added: Mar 19, 2026, 10:45 PM
Updated: Mar 19, 2026, 10:45 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 7.5
exploitability: 3.9
remediation: 0.0
relevance: 4.1
threat: 4.8
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.