PT-2026-25445 · Npm · Openclaw

Published

2026-03-03

·

Updated

2026-03-03

CVSS v4.0

2.3

Low

VectorAV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

Summary

When tools.exec.safeBins contained a binary without an explicit safe-bin profile, OpenClaw used a permissive generic fallback profile. In allowlist mode, that could let interpreter-style binaries (for example python3, node, ruby) execute inline payloads via flags like -c.
This requires explicit operator configuration to add such binaries to safeBins, so impact is limited to non-default/misconfigured deployments.

Affected Packages / Versions

  • Package: openclaw (npm)
  • Affected versions: <= 2026.2.21-2
  • Patched in code: >= 2026.2.22 (planned next npm release)

Fix

  • Remove generic safe-bin fallback during allowlist evaluation.
  • Require explicit safe-bin profiles for safeBins entries.
  • Add configurable tools.exec.safeBinProfiles (global + per-agent) for safe custom binaries.
  • Update docs to clearly separate safeBins from command allowlist semantics.

Fix Commit(s)

  • 47c3f742b6c488be26dd7b9636dbbb8676089154

Release Process Note

patched versions is pre-set to the planned next release (>= 2026.2.22) so once that npm release is published, the advisory can be published directly without further metadata edits.
OpenClaw thanks @tdjackey for reporting.

Fix

OS Command Injection

Protection Mechanism Failure

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-78CWE-693

Related Identifiers

GHSA-8MF7-VV8W-HJR2

Affected Products

Openclaw