PT-2026-25426 · Npm · Openclaw

Published

2026-03-03

·

Updated

2026-03-03

CVSS v3.1

8.8

High

VectorAV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

This issue applies to a non-default configuration only. If sort is manually added to tools.exec.safeBins, OpenClaw could treat sort --compress-program=<prog> as valid safe-bin usage. In security=allowlist + ask=on-miss, this could satisfy allowlist checks and skip operator approval, while GNU sort may invoke an external program via --compress-program.

Affected Packages / Versions

  • Ecosystem: npm
  • Package: openclaw
  • Affected: <= 2026.2.21-2
  • Patched (planned next release): >= 2026.2.22

Default Installations

Default installs are not impacted by this specific path because sort is not included in default tools.exec.safeBins.

Impact

  • Type: approval/allowlist bypass in optional safe-bin configuration
  • Scope: deployments that explicitly include sort in tools.exec.safeBins and use allowlist + ask=on-miss
  • Consequence: an external program may run under the OpenClaw process context without expected approval

Technical Details

  • sort safe-bin profile allowed --compress-program as a value flag.
  • Safe-bin satisfaction could therefore mark allowlist checks as satisfied.
  • In ask=on-miss, satisfied allowlist checks skip approval prompts.

Fix

  • Block --compress-program in safe-bin sort policy.
  • Add unit and e2e regression coverage for sort --compress-program denial in safe-bin mode.

Fix Commit(s)

  • 57fbbaebca4d34d17549accf6092ae26eb7b605c
OpenClaw thanks @tdjackey for reporting.

Fix

OS Command Injection

Incomplete List of Disallowed Inputs

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-78CWE-184

Related Identifiers

GHSA-4GC7-QCVF-38WG

Affected Products

Openclaw