PT-2026-25420 · Npm · Openclaw

Published

2026-03-03

·

Updated

2026-03-03

CVSS v3.1

6.5

Medium

VectorAV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Summary

OpenClaw tools.exec.safeBins had a stdin-only policy bypass for grep. If pattern input was supplied through -e / --regexp, the validator consumed the pattern as a flag value and still allowed one positional operand. That positional could be a bare filename like .env.

Affected Packages / Versions

  • Package: openclaw (npm)
  • Latest published vulnerable version: 2026.2.19-2
  • Structured vulnerable range: <= 2026.2.19-2
  • Planned fixed range for next release: >= 2026.2.21

Exploit Preconditions

  • tools.exec.safeBins must include grep (this is opt-in; grep is not in the default safe-bin list).
  • An actor must be able to invoke exec tooling under that profile.

Technical Details

src/infra/exec-safe-bin-policy.ts configured grep with maxPositional: 1 and allowed -e / --regexp value flags. Because -e consumes the pattern in flag-value position, the remaining positional budget could be used for a file operand. Example accepted input in vulnerable builds:
bash
grep -e SECRET .env
That violated the intended stdin-only guarantee for safe bins.

Impact

With grep opt-in enabled, callers could read bare-relative files from the working directory (for example .env, credentials.txt) in flows expected to be stdin-only.

Severity Rationale

CVSS v3.1 is set to: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N (5.3, Medium)
AC:H is used because exploitation depends on a non-default configuration (grep must be explicitly added to safe bins) in addition to normal low-privilege tool-invocation capability.

Fix Commit(s)

  • c6ee14d60e4cbd6a82f9b2d74ebeb1e8ee814964

Release Process Note

patched versions is pre-set to >= 2026.2.21 so this advisory is ready to publish after the 2026.2.21 npm release is live.
OpenClaw thanks @athuljayaram for reporting.

Fix

Incomplete List of Disallowed Inputs

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-184

Related Identifiers

GHSA-3XFW-4PMR-4XC5

Affected Products

Openclaw