OpenClaw Exec Allowlist Bypass Vulnerability Allowing Arbitrary File Write
Vulnerability
A vulnerability exists in OpenClaw versions prior to 2026.2.19, where the exec allowlist safeBins policy can be bypassed. This allows attackers to write arbitrary files by using short-option payloads with whitelisted binaries. The vulnerability arises because argument validation can be circumvented by attaching file-output options to approved commands, enabling unauthorized file write actions that should be blocked by the safeBins safeguards.
Impact
Exploitation of this vulnerability could lead to unauthorized file write operations, potentially allowing for further exploitation or manipulation of the application or its environment.
Reproduction
To reproduce this vulnerability, use a version of OpenClaw prior to 2026.2.19. Set the 'tools.exec.security' option to 'allowlist' and include a binary in the 'tools.exec.safeBins' allowlist that can accept short options, such as 'sort' or 'grep'. When the command is executed, the short option can be used to bypass the safeBins checks and write files arbitrarily.
Remediation
Users can update to OpenClaw version 2026.2.19 or later, where this vulnerability has been patched.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.