PT-2026-24945 · Openclaw · Openclaw
Nedlir · Published 2026-02-19 · Updated 2026-03-13 · CVE-2026-4040
CVSS v3.1: 5.5 (Medium)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
OpenClaw versions prior to 2026.2.19-beta.1
Description
An issue exists in OpenClaw related to information disclosure within the tools.exec.safeBins function of the File Existence Handler component. Manipulation of this function can lead to information exposure through discrepancy, requiring local access for exploitation. The issue involves a file-existence oracle where command behavior differs based on whether a file exists on the host filesystem, allowing attackers to probe for file presence and potentially enumerate the filesystem.
Recommendations
Upgrade to version 2026.2.19-beta.1 or later to address this issue.
Fix
Side Channel Attack
Information Disclosure
Related Identifiers
Affected Products
Openclaw