Nullpointerexcepted

**Name of the Vulnerable Software and Affected Versions** OpenClaw versions 2026.2.23 through 2026.4.11 **Description** An issue exists in the execution of busybox and toybox applets where weakened exec approval binding allows attackers to obscure which applet is actually running. By exploiting opaque multi-call binaries (binaries that provide multiple tools within a single executable), attackers can bypass exec approval mechanisms and weaken the risk classification of unsafe applet invocations. **Recommendations** Update to version 2026.4.12 or newer.