PT-2026-22527 — OS Command Injection in Npm Openclaw

PT-2026-22527 · Npm · Openclaw

Published

2026-02-19

Updated

2026-02-19

CVSS v3.1

3.6

Low

Vector

AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N

Summary

tools.exec.safeBins could be bypassed for filesystem access when sort output flags (-o / --output) or recursive grep flags were allowed through safe-bin execution paths.

Affected Packages / Versions

Package: openclaw (npm)
Affected versions: <= 2026.2.17
Patched versions: >= 2026.2.19
Latest published version at triage time: 2026.2.17

Impact

In deployments that enabled tools.exec.safeBins, an attacker with access to command execution flows could turn intended stdin-only safe-bin usage into file writes (sort -o) or recursive file reads (grep -R).

Fix Commit(s)

2c05cbb43e48ebad03626d3125746fb1b9a8520f

Found using MCPwner

Thanks @nedlir for reporting.

Fix

OS Command Injection

Incomplete List of Disallowed Inputs

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-78CWE-184

Related Identifiers

GHSA-4685-C5CP-VP95

Affected Products

Openclaw