OpenClaw Command Injection Vulnerability in SafeBins Execution

Vulnerability

A command injection vulnerability has been identified in OpenClaw versions prior to 2026.2.19. It resides in the tools.exec.safeBins feature, which is meant to let allowlisted binaries run only as filters over standard input, with no access to files on disk. The restriction can be bypassed through the binaries' own options: passing certain output flags to sort (the family of -o/--output) makes it write its result to a file, and passing recursive flags to grep (the family of -r/--recursive) makes it read files from the filesystem instead of from stdin. Either path circumvents the safe-bin execution restriction and can lead to unauthorized file access or modification.
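The following is an added example, not OpenClaw's own code, showing the gap the advisory describes and one way to close it. It models a safe-bin gate in TypeScript: weakGate admits any argument once argv[0] is an allowlisted binary (so sort -o and grep -r pass), while hardenedGate validates every argument against a per-binary allowlist of stdin-only options and rejects unknown options, "--", and bare file operands. The SAFE_BINS table and the function names are assumptions made for the example; it uses an allowlist rather than a denylist of the two flag families named above, because sort and grep have further file-touching options beyond those two.

```typescript
// Added example, not OpenClaw's own code. A "safe bin" is a binary the agent
// may run only as a stdin filter, so any option that makes it touch the
// filesystem (sort -o/--output, grep -r/--recursive, grep -f/--file, or a
// bare file operand) must be refused. SAFE_BINS is an assumed, deliberately
// small allowlist of stdin-only options, not OpenClaw's real configuration.

type Verdict = { ok: true } | { ok: false; reason: string };

interface BinPolicy {
  // Allowed option -> whether it consumes a value (-k 2, -k2, --key=2).
  flags: Record<string, boolean>;
  // Bare (non-option) arguments permitted. grep needs one for its pattern;
  // anything beyond that would be a file name.
  maxOperands: number;
}

const SAFE_BINS: Record<string, BinPolicy> = {
  sort: {
    flags: {
      "-n": false, "-r": false, "-u": false, "-f": false, "-b": false,
      "-k": true, "-t": true,
      "--numeric-sort": false, "--reverse": false, "--unique": false,
      "--ignore-case": false, "--key": true, "--field-separator": true,
    },
    maxOperands: 0,
  },
  grep: {
    flags: {
      "-i": false, "-v": false, "-n": false, "-c": false, "-E": false,
      "-F": false, "-w": false, "-x": false,
      "--ignore-case": false, "--invert-match": false, "--line-number": false,
      "--count": false, "--extended-regexp": false, "--fixed-strings": false,
    },
    maxOperands: 1,
  },
};

// Own-property lookup so names like "constructor" cannot hit Object.prototype.
function own<T>(table: Record<string, T>, key: string): T | undefined {
  return Object.prototype.hasOwnProperty.call(table, key) ? table[key] : undefined;
}

// The weak gate: only argv[0] is checked, so "sort -o /path" and "grep -r ."
// sail through. This is the shape of check the advisory describes as bypassable.
function weakGate(argv: string[]): Verdict {
  const bin = argv[0];
  return own(SAFE_BINS, bin) !== undefined
    ? { ok: true }
    : { ok: false, reason: `${bin} is not a safe bin` };
}

// The hardened gate: every argument must be an allowlisted option (or that
// option's value); unknown options, "--" and file operands are rejected.
function hardenedGate(argv: string[]): Verdict {
  const [bin, ...args] = argv;
  const policy = own(SAFE_BINS, bin);
  if (!policy) return { ok: false, reason: `${bin} is not a safe bin` };

  let operands = 0;
  for (let i = 0; i < args.length; i++) {
    const a = args[i];
    if (a === "--") {
      return { ok: false, reason: "'--' would turn later arguments into file operands" };
    }
    if (a.startsWith("--")) {
      const eq = a.indexOf("=");
      const name = eq === -1 ? a : a.slice(0, eq);
      const takesValue = own(policy.flags, name);
      if (takesValue === undefined) return { ok: false, reason: `${name} not allowed for ${bin}` };
      if (!takesValue && eq !== -1) return { ok: false, reason: `${name} takes no value` };
      if (takesValue && eq === -1 && ++i >= args.length) {
        return { ok: false, reason: `${name} needs a value` };
      }
      continue;
    }
    if (a.startsWith("-") && a.length > 1) {
      // Bundled short options: "-rn" is -r and -n; a value-taking option
      // swallows the rest of the word ("-k2") or else the next argument.
      for (let j = 1; j < a.length; j++) {
        const name = "-" + a[j];
        const takesValue = own(policy.flags, name);
        if (takesValue === undefined) return { ok: false, reason: `${name} not allowed for ${bin}` };
        if (takesValue) {
          if (j === a.length - 1 && ++i >= args.length) {
            return { ok: false, reason: `${name} needs a value` };
          }
          break;
        }
      }
      continue;
    }
    // Anything else is a bare operand: the grep pattern, or a file name.
    if (++operands > policy.maxOperands) {
      return { ok: false, reason: `operand "${a}" would make ${bin} open a file` };
    }
  }
  return { ok: true };
}
```

The design point is that the binary name alone says nothing about where the process will read or write; the option parser of each tool has to be modelled, including bundled short options and inline values, and anything not positively known to be stdin-only is refused. Exact argv[0] matching is assumed here; resolving paths to a basename before the lookup is left out of scope.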

Impact

Exploitation of this vulnerability allows arbitrary file writes (via sort) or file reads (via grep), depending on the flags used, with the permissions of the account running the OpenClaw process, bypassing the intended safe-bin execution limitations.

Remediation

Upgrade to OpenClaw version 2026.2.19 or later to address this vulnerability. Until the upgrade is applied, removing sort and grep from the tools.exec.safeBins allowlist closes the bypass described here.

Added: Mar 23, 2026, 10:25 PM
Updated: Mar 23, 2026, 10:25 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 3.3
exploitability: 5.9
remediation: 0.0
relevance: 4.6
threat: 3.2
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.