GHSA-6c9j-x93c-rw6j
Suggest an improvement- Source
- https://github.com/advisories/GHSA-6c9j-x93c-rw6j
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/02/GHSA-6c9j-x93c-rw6j/GHSA-6c9j-x93c-rw6j.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-6c9j-x93c-rw6j
- Aliases
- Downstream
- Published
- 2026-02-19T22:06:26Z
- Modified
- 2026-03-14T05:19:19.215975Z
- Severity
-
- 4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVSS Calculator
- Summary
- OpenClaw safeBins file-existence oracle information disclosure
- Details
-
An information disclosure vulnerability in OpenClaw's
tools.exec.safeBinsapproval flow allowed a file-existence oracle.When safe-bin validation examined candidate file paths, command allow/deny behavior could differ based on whether a path already existed on the host filesystem. An attacker could probe for file presence by comparing outcomes for existing vs non-existing filenames.
Affected Packages / Versions
- Package:
openclaw(npm) - Affected versions:
<= 2026.2.17 - Latest published vulnerable version at triage time:
2026.2.17 - Planned patched version:
2026.2.18
Impact
Attackers with access to this execution surface could infer whether specific files exist (for example secrets/config files), enabling filesystem enumeration and improving follow-on attack planning.
Fix
The safe-bin policy was changed to deterministic argv-only validation without host file-existence checks. File-oriented flags are blocked for safe-bin mode (for example
sort -o,jq -f,grep -f), and trusted-path checks remain enforced.Fix Commit(s)
bafdbb6f112409a65decd3d4e7350fbd637c7754
Found using MCPwner
Thanks @nedlir for reporting.
- Package:
- Database specific
{ "severity": "MODERATE", "cwe_ids": [ "CWE-203" ], "github_reviewed": true, "github_reviewed_at": "2026-02-19T22:06:26Z", "nvd_published_at": null }- References
Affected packages
npm / openclaw
Package
- Name
- openclaw
- View open source insights on deps.dev
- Purl
- pkg:npm/openclaw