GHSA-3x3x-h76w-hp98
OpenClaw exec allowlist safeBins short-option bypass could permit arbitrary file write
Details
### Summary

OpenClaw's `exec` allowlist/safeBins policy could be bypassed with attached short-option payloads (for example `sort -o/tmp/poc`, where the option letter and its value share one argv token instead of `sort -o /tmp/poc`), enabling file-write operations while still satisfying the safeBins checks.

### Affected Packages / Versions

- Package: `openclaw` (npm)
- Affected versions: `<= 2026.2.17`
- Latest published vulnerable version: `2026.2.17`
- Patched in: `2026.2.19`

### Impact

When `tools.exec.security=allowlist` and `tools.exec.safeBins` included an affected binary, attached short-option payloads could bypass safeBins argument validation and permit file-write behavior that should have been denied. The validation recognized the dangerous option only when it appeared as a separate token, so the attached form passed the check while the binary still honored it.
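The following JavaScript is an added illustration of the bug class, not OpenClaw's code or its actual validator. It assumes a hypothetical policy table `WRITE_OPTIONS` (listing `-o`/`--output` as the only file-writing options of `sort`) and two hypothetical validators, `weakIsAllowed` and `hardenedIsAllowed`, so that the advisory's `sort -o/tmp/poc` can be compared with the hardened behavior. It also goes beyond the advisory's single example: short-option clusters (`-bo/tmp/poc`), `--output=FILE`, and GNU getopt_long's unambiguous long-option abbreviations (`--out=FILE`) reach the same write path and are checked too.

```javascript
// Added example (not OpenClaw's code) of the safeBins short-option bypass
// described in GHSA-3x3x-h76w-hp98. A safeBins-style allowlist may run `sort`
// but must deny `sort -o FILE`, since -o/--output writes output to any path.
// WRITE_OPTIONS is an assumed policy table, not the project's configuration.
const WRITE_OPTIONS = {
  sort: { short: ["o"], long: ["--output"] },
};

// Weak validator: matches the dangerous option only as its own argv token.
// It denies "-o FILE" and "--output FILE" but misses "-o/tmp/poc",
// "-bo/tmp/poc", "--output=/tmp/poc" and the abbreviation "--out=/tmp/poc".
function weakIsAllowed(bin, args) {
  const policy = WRITE_OPTIONS[bin];
  if (!policy) return false; // not a safe bin at all
  return !args.some(
    (a) => policy.short.some((s) => a === `-${s}`) || policy.long.includes(a),
  );
}

// Hardened validator: interpret each token the way getopt does before deciding.
function hardenedIsAllowed(bin, args) {
  const policy = WRITE_OPTIONS[bin];
  if (!policy) return false;
  for (const a of args) {
    if (a === "--") break; // everything after "--" is an operand, not an option
    if (a.startsWith("--")) {
      const name = a.split("=", 1)[0]; // "--output=/x" -> "--output"
      // GNU getopt_long accepts unambiguous prefixes, so "--out" also selects
      // --output; deny any non-empty prefix of a dangerous long option.
      if (name.length > 2 && policy.long.some((l) => l.startsWith(name))) {
        return false;
      }
      continue;
    }
    if (a.startsWith("-") && a.length > 1) {
      // Short cluster: "-bo/tmp/poc" is -b followed by -o with attached value.
      // Fail closed: a dangerous letter anywhere in the cluster is denied rather
      // than modelling which earlier letters (e.g. -k) consume the remainder.
      const cluster = a.slice(1);
      if (policy.short.some((s) => cluster.includes(s))) return false;
    }
  }
  return true;
}

// Constructed argv vectors for the comparison (not captured from any system).
const CASES = [
  ["sort", ["-o", "/tmp/poc", "input.txt"]],      // separate token: both deny
  ["sort", ["-o/tmp/poc", "input.txt"]],          // the advisory's bypass
  ["sort", ["-bo/tmp/poc", "input.txt"]],         // cluster with attached value
  ["sort", ["--output=/tmp/poc", "input.txt"]],   // long form with "="
  ["sort", ["--out=/tmp/poc", "input.txt"]],      // getopt_long abbreviation
  ["sort", ["-u", "input.txt"]],                  // benign: both allow
  ["sort", ["--", "-o/tmp/poc"]],                 // operand named like an option
];

function compare() {
  return CASES.map(([bin, args]) => ({
    cmd: [bin, ...args].join(" "),
    weak: weakIsAllowed(bin, args),
    hardened: hardenedIsAllowed(bin, args),
  }));
}

for (const r of compare()) console.log(r);
```

Run it with `node`; every row where `weak` is `true` and `hardened` is `false` is an argv that the token-equality check would have let through. The hardened version deliberately accepts false positives (for example `-k2o` is denied even though `sort` would read it as a key spec) because an exec allowlist is a deny-by-default control and should not depend on a complete model of each binary's option grammar.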
### Fix Commit(s)

- cfe8457a0f4aae5324daec261d3b0aad1461a4bc
- bafdbb6f112409a65decd3d4e7350fbd637c7754
- fec48a5006eab37c6a5821726ccaeec886486b13
OpenClaw thanks @FailButWin and @Redgrave961 for reporting.
References
- https://github.com/openclaw/openclaw/security/advisories/GHSA-3x3x-h76w-hp98 [WEB]
- https://nvd.nist.gov/vuln/detail/CVE-2026-32017 [ADVISORY]
- https://github.com/openclaw/openclaw/commit/bafdbb6f112409a65decd3d4e7350fbd637c7754 [WEB]
- https://github.com/openclaw/openclaw/commit/cfe8457a0f4aae5324daec261d3b0aad1461a4bc [WEB]
- https://github.com/openclaw/openclaw/commit/fec48a5006eab37c6a5821726ccaeec886486b13 [WEB]
- https://github.com/openclaw/openclaw [PACKAGE]
- https://www.vulncheck.com/advisories/openclaw-arbitrary-file-write-via-short-option-bypass-in-exec-allowlist [WEB]