GHSA-VMQR-RC7X-3446
Vulnerability from github – Published: 2026-03-03 18:54 – Updated: 2026-03-18 01:24
VLAI?
Summary
OpenClaw's non-default safeBins sort configuration can bypass intended allowlist approval constraints
Details
When sort is explicitly added to tools.exec.safeBins (non-default), the --compress-program option can invoke an external helper and bypass the intended safe-bin approval constraints in allowlist mode.
Affected Packages / Versions
- Package:
openclaw(npm) - Vulnerable versions:
<=2026.2.21-2 - Latest published npm version checked during triage:
2026.2.21-2(as of February 22, 2026) - Patched in planned next release:
2026.2.22
Fix Commit(s)
57fbbaebca4d34d17549accf6092ae26eb7b605c
Release Process Note
patched_versions is pre-set to the planned next release (>=2026.2.22). Once that npm release is published, the advisory can be published directly.
OpenClaw thanks @tdjackey for reporting.
Severity ?
6.4 (Medium)
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "openclaw"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2026.2.22"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-22169"
],
"database_specific": {
"cwe_ids": [
"CWE-15",
"CWE-78"
],
"github_reviewed": true,
"github_reviewed_at": "2026-03-03T18:54:55Z",
"nvd_published_at": null,
"severity": "MODERATE"
},
"details": "When `sort` is explicitly added to `tools.exec.safeBins` (non-default), the `--compress-program` option can invoke an external helper and bypass the intended safe-bin approval constraints in allowlist mode.\n\n## Affected Packages / Versions\n\n- Package: `openclaw` (npm)\n- Vulnerable versions: `\u003c=2026.2.21-2`\n- Latest published npm version checked during triage: `2026.2.21-2` (as of February 22, 2026)\n- Patched in planned next release: `2026.2.22`\n\n## Fix Commit(s)\n\n- `57fbbaebca4d34d17549accf6092ae26eb7b605c`\n\n## Release Process Note\n\n`patched_versions` is pre-set to the planned next release (`\u003e=2026.2.22`). Once that npm release is published, the advisory can be published directly.\n\nOpenClaw thanks @tdjackey for reporting.",
"id": "GHSA-vmqr-rc7x-3446",
"modified": "2026-03-18T01:24:57Z",
"published": "2026-03-03T18:54:55Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-vmqr-rc7x-3446"
},
{
"type": "WEB",
"url": "https://github.com/openclaw/openclaw/commit/57fbbaebca4d34d17549accf6092ae26eb7b605c"
},
{
"type": "PACKAGE",
"url": "https://github.com/openclaw/openclaw"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "OpenClaw\u0027s non-default safeBins sort configuration can bypass intended allowlist approval constraints"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…