OpenClaw Information Disclosure Vulnerability in SafeBins Execution Tool
Vulnerability
A file-existence oracle that allows information disclosure has been identified in OpenClaw versions prior to 2026.2.17. The issue lies in the 'tools.exec.safeBins' function of the File Existence Handler component. Exploitation requires local access; a local user could use the oracle to infer whether specific files, such as configuration or secret files, are present on the host system, aiding filesystem enumeration and follow-on attack planning.
Impact
The vulnerability could be exploited to disclose whether particular files exist on the host system, allowing an attacker to enumerate sensitive files such as secrets or configuration files.
Reproduction
The vulnerability can be reproduced by invoking the 'tools.exec.safeBins' function with the 'sort' command and pointing it at a file path that either exists or does not exist; the command's output differs between the two cases and so reveals the file's presence. This behavior can be automated with a script that compares the command's output across different file paths.
Remediation
Users are advised to upgrade to OpenClaw version 2026.2.19-beta.1, which addresses this vulnerability by removing the file-existence oracle behavior and implementing a more secure validation process for safeBins.
