PT-2026-24945 · Openclaw · Openclaw

Nedlir · Published 2026-02-19 · Updated 2026-03-13 · CVE-2026-4040

CVSS v3.1: 5.5 (Medium)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

OpenClaw versions prior to 2026.2.19-beta.1

Description

An issue exists in OpenClaw related to information disclosure within the tools.exec.safeBins function of the File Existence Handler component. Manipulation of this function can lead to information exposure through discrepancy, requiring local access for exploitation. The issue involves a file-existence oracle where command behavior differs based on whether a file exists on the host filesystem, allowing attackers to probe for file presence and potentially enumerate the filesystem.

Recommendations

Upgrade to version 2026.2.19-beta.1 or later to address this issue.

Fix

Side Channel Attack

Information Disclosure

Weakness Enumeration

Related identifiers

CVE-2026-4040
GHSA-6C9J-X93C-RW6J
GHSA-XJJ9-2W6F-JG55

Affected products

Openclaw