PT-2026-26403 · Openclaw · Openclaw

Athul Jayaram · Published 2026-03-03 · Updated 2026-03-20 · CVE-2026-32022

CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions: OpenClaw versions prior to 2026.2.21

Description: OpenClaw versions prior to 2026.2.21 contain a stdin-only policy bypass in the grep tool within tools.exec.safeBins. An attacker can read arbitrary files by supplying the pattern through the -e flag and then adding a positional filename operand, which bypasses the file access restriction and exposes sensitive files such as .env in the working directory. The issue occurs because the validator consumes the pattern as a flag value but still allows one positional operand, which can then be a filename. The vulnerability is exploitable only when tools.exec.safeBins includes grep. The vulnerable component is src/infra/exec-safe-bin-policy.ts, which configured grep with maxPositional: 1 and allowed the -e / --regexp value flags. An example of input accepted by vulnerable builds is grep -e SECRET .env.

Recommendations: Update OpenClaw to version 2026.2.21 or later.
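The validator defect described above, modelled in TypeScript as an added example (this is not code from OpenClaw or from src/infra/exec-safe-bin-policy.ts). The hardened rule, the boolean-flag allowlist and all identifiers are assumptions; the hardened policy simply refuses any positional operand once the pattern has already been supplied via -e or --regexp, leaving stdin as the only input.

```typescript
// Added illustration, not OpenClaw's code: a minimal model of a safe-bin argv
// validator for grep. VULNERABLE_POLICY mirrors the advisory (maxPositional: 1,
// -e/--regexp take a value). HARDENED_POLICY is an assumed fix, not the project's:
// once the pattern arrives via a flag, no positional operand remains, so grep
// can only read stdin.
interface GrepPolicy {
  name: string;
  maxPositional: number;
  // When true, a pattern supplied via -e/--regexp uses up the single positional
  // slot, so a filename operand can no longer ride along with it.
  patternFlagConsumesPositional: boolean;
}

const VALUE_FLAGS = new Set(["-e", "--regexp"]);            // consume the next token
const BOOLEAN_FLAGS = new Set(["-i", "-n", "-c", "-v", "-w", "-x", "-E", "-F"]); // assumed allowlist

const VULNERABLE_POLICY: GrepPolicy = { name: "vulnerable", maxPositional: 1, patternFlagConsumesPositional: false };
const HARDENED_POLICY: GrepPolicy = { name: "hardened", maxPositional: 1, patternFlagConsumesPositional: true };

interface Verdict { allowed: boolean; reason: string }

function checkGrepArgs(argv: string[], policy: GrepPolicy): Verdict {
  let positionals = 0;
  let patternViaFlag = false;
  for (let i = 0; i < argv.length; i++) {
    const tok = argv[i];
    if (VALUE_FLAGS.has(tok)) {
      if (i + 1 >= argv.length) return { allowed: false, reason: `${tok} requires a value` };
      i++;                       // skip the pattern value
      patternViaFlag = true;
      continue;
    }
    if (tok.startsWith("--regexp=")) { patternViaFlag = true; continue; }
    if (tok.startsWith("-") && tok !== "-") {
      if (BOOLEAN_FLAGS.has(tok)) continue;
      return { allowed: false, reason: `flag ${tok} is not allowlisted` };
    }
    positionals++;               // anything else is a positional operand ("-" included)
  }
  if (!patternViaFlag && positionals === 0) return { allowed: false, reason: "no pattern supplied" };
  // The vulnerable policy keeps the full budget even after -e consumed the pattern,
  // which is exactly what lets a filename slip into the remaining slot.
  const budget = policy.maxPositional - (policy.patternFlagConsumesPositional && patternViaFlag ? 1 : 0);
  if (positionals > budget) {
    return { allowed: false, reason: `${positionals} positional operand(s) exceed budget of ${budget} (${policy.name})` };
  }
  return { allowed: true, reason: `ok (${policy.name})` };
}
```

Under the vulnerable policy `grep -e SECRET .env` passes with one positional operand left over for the filename; under the hardened policy the same argv is rejected while `grep -e SECRET` (stdin only) and `grep -i SECRET` (pattern as the sole positional) still pass.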

Fix

Weakness Enumeration
Incomplete List of Disallowed Inputs

Related Identifiers

CVE-2026-32022
GHSA-3XFW-4PMR-4XC5

Affected Products

Openclaw