CVE-2026-4040
OpenClaw safeBins file-existence oracle information disclosure
Description
An information disclosure vulnerability in OpenClaw's `tools.exec.safeBins` approval flow allowed a file-existence oracle. When safe-bin validation examined candidate file paths, command allow/deny behavior could differ based on whether a path already existed on the host filesystem. An attacker could probe for file presence by comparing outcomes for existing vs non-existing filenames. ## Affected Packages / Versions - Package: `openclaw` (npm) - Affected versions: `<= 2026.2.17` - Latest published vulnerable version at triage time: `2026.2.17` - Planned patched version: `2026.2.18` ## Impact Attackers with access to this execution surface could infer whether specific files exist (for example secrets/config files), enabling filesystem enumeration and improving follow-on attack planning. ## Fix The safe-bin policy was changed to deterministic argv-only validation without host file-existence checks. File-oriented flags are blocked for safe-bin mode (for example `sort -o`, `jq -f`, `grep -f`), and trusted-path checks remain enforced. ## Fix Commit(s) - `bafdbb6f112409a65decd3d4e7350fbd637c7754` Found using [MCPwner](https://github.com/Pigyon/MCPwner) Thanks @nedlir for reporting.
How to fix CVE-2026-4040
To remediate CVE-2026-4040, upgrade the affected package to a fixed version below.
- —upgrade to 2026.2.19 or later
Is CVE-2026-4040 being exploited?
Low — EPSS is 0.0%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 2026.2.19