OpenClaw Sort Command Approval Bypass Vulnerability via Long Option Abbreviations

Vulnerability

A vulnerability in OpenClaw versions from 2026.2.22-2 up to, but not including, 2026.2.23 allows remote attackers to bypass the approval check for the sort command listed in tools.exec.safeBins. The safe-bin validation for long options does not account for abbreviated option names, so a denied option written in abbreviated form passes validation and the command runs without the required approval. The issue is most serious when the execution policy is set to allowlist, because it then permits unauthorized command execution.

Impact

Successful exploitation allows unauthorized execution of sort commands that use abbreviated long options, bypassing the approval requirement in allowlist mode.

Reproduction

To reproduce, run an OpenClaw version prior to 2026.2.23 with 'sort' included in the tools.exec.safeBins profile, tools.exec.security set to allowlist, and tools.exec.ask enabled. Invoke sort with an abbreviated form of a long option that would normally be denied. The command executes without the required approval, demonstrating the bypass.
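As an added illustration (not OpenClaw's code), the TypeScript below contrasts an exact-name deny-list check, which lets the abbreviated form through, with a check that first expands GNU-style abbreviations (unique prefixes such as `--out` for `--output`) to the canonical option name and fails closed on anything unrecognised. The option list and the denied set are assumptions for the example, not OpenClaw's actual configuration.

```typescript
// Added example, not OpenClaw code. GNU getopt_long accepts any unambiguous
// prefix of a long option, so "--out=f" is parsed exactly like "--output=f".
// Assumption: long options the wrapped `sort` understands (a GNU sort subset).
const SORT_LONG_OPTIONS: string[] = [
  "output", "compress-program", "files0-from", "temporary-directory", "key",
  "numeric-sort", "reverse", "unique", "stable", "field-separator", "check",
  "ignore-case", "merge", "help", "version",
];
// Assumption: options needing approval because they write files or run programs.
const DENIED_LONG_OPTIONS = new Set([
  "output", "compress-program", "files0-from", "temporary-directory",
]);

interface Verdict { allowed: boolean; reason: string; }

// Name portion of "--name" or "--name=value".
const longOptionName = (arg: string): string => arg.slice(2).replace(/=[\s\S]*$/, "");

// Expand a possibly abbreviated long option to its canonical spelling.
// Returns null for unknown or ambiguous names, which getopt_long also rejects.
function canonicalLongOption(name: string): string | null {
  if (SORT_LONG_OPTIONS.includes(name)) return name;
  const matches = SORT_LONG_OPTIONS.filter((o) => o.startsWith(name));
  return matches.length === 1 ? matches[0] : null;
}

// Flawed check: compares literal text, so "--out=f" never matches "output".
function naiveCheck(argv: string[]): Verdict {
  for (const arg of argv) {
    if (!arg.startsWith("--")) continue;
    const name = longOptionName(arg);
    if (DENIED_LONG_OPTIONS.has(name)) return { allowed: false, reason: `--${name} is denied` };
  }
  return { allowed: true, reason: "no denied options" };
}

// Hardened check: canonicalise first, fail closed on anything unrecognised,
// and stop at "--" because everything after it is an operand, not an option.
function hardenedCheck(argv: string[]): Verdict {
  for (const arg of argv) {
    if (arg === "--") break;
    if (!arg.startsWith("--")) continue; // short options are out of scope here
    const name = longOptionName(arg);
    const canon = canonicalLongOption(name);
    if (canon === null) return { allowed: false, reason: `--${name} is unknown or ambiguous` };
    if (DENIED_LONG_OPTIONS.has(canon)) return { allowed: false, reason: `--${name} expands to --${canon}` };
  }
  return { allowed: true, reason: "no denied options" };
}
```

The same canonicalisation should be applied to any safe-bin whose option parser accepts prefixes, since an exact-string deny list is only as strong as the spellings it anticipates.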

Remediation

Upgrade to OpenClaw version 2026.2.23 or later to address this vulnerability.

Added: Mar 11, 2026, 2:21 PM
Updated: Mar 11, 2026, 2:21 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 0.6
exploitability: 7.7
remediation: 0.0
relevance: 3.8
threat: 4.8
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.