CVE-2026-28463

Severity: MEDIUM 5.7 | EPSS: 0.02%

OpenClaw exec approvals: safeBins could bypass stdin-only constraints via shell expansion

Published: 2026/2/18 | Modified: 2026/3/6

Description

## Summary

OpenClaw's exec-approvals allowlist supports a small set of "safe bins" intended to be stdin-only (no positional file arguments) when running `tools.exec.host=gateway|node` with `security=allowlist`. In affected configurations, the allowlist validation checked pre-expansion argv tokens, but execution used a real shell (`sh -c`), which expands globs and environment variables. This allowed safe bins like `head`, `tail`, or `grep` to read arbitrary local files via tokens such as `*` or `$HOME/...` without triggering approvals.

This issue is configuration-dependent and is not exercised by default settings (the default `tools.exec.host` is `sandbox`).

## Affected Packages / Versions

- Package: `openclaw` (npm)
- Affected: `<= 2026.2.13`
- Patched: `>= 2026.2.14` (planned; publish the advisory after the npm release is out)

## Impact

An authorized but untrusted caller (or prompt injection) could cause the gateway/node process to disclose files readable by that process when host execution is enabled in allowlist mode.

## Fix

Safe-bin executions now force argv tokens to be treated as literal text at execution time (single-quoted), preventing globbing and `$VARS` expansion from turning "safe" tokens into file paths.

## Fix Commit(s)

- 77b89719d5b7e271f48b6f49e334a8b991468c3b

## Release Process Note

`patched_versions` is pre-set for the next planned release (`>= 2026.2.14`) so publishing is a single click once that npm version is available.

Thanks @christos-eth for reporting.
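The following is an added illustration of the mechanism described above, not OpenClaw's code: a tiny model of why checking argv tokens before the shell sees them is not enough when execution goes through `sh -c`, and how single-quoting every token at execution time (the shape of the fix) makes the shell pass them through literally. Function names and the sample `$HOME/notes.txt` path are assumptions for illustration.

```javascript
// Added example for the OpenClaw safeBins advisory (not the project's code).
// Tokens that a POSIX shell rewrites when they appear unquoted in a `sh -c`
// string: globs, parameter/command expansion, tilde, quoting characters,
// redirection, word separators and control operators.
const SHELL_REWRITE = /[*?\[\]$`~"'\\{}<>|;&()\s]/;

// Defender-side check: report which argv tokens are not literal to the shell.
// A token that looks harmless to a pre-expansion allowlist check but matches
// here will mean something else once `sh -c` runs it (`*` becomes every file
// in the working directory, `$HOME/x` becomes a concrete path).
function shellRewriteRisks(argv) {
  return argv.filter((tok) => SHELL_REWRITE.test(tok));
}

// POSIX single-quoting: nothing inside '...' is expanded; the only character
// needing care is the single quote itself, emitted as '\'' (close the quoted
// string, add an escaped quote, reopen the quoted string).
function shellQuote(token) {
  return `'${token.replace(/'/g, `'\\''`)}'`;
}

// Vulnerable pattern: tokens were validated, then joined and handed to the
// shell unchanged, so the shell re-tokenizes and expands them.
function buildNaiveCommand(argv) {
  return argv.join(' ');
}

// Hardened pattern (the fix's shape): every token is single-quoted, so the
// shell delivers it to the binary byte for byte. Invoking the binary directly
// with an argv array and no shell at all avoids the problem entirely.
function buildLiteralCommand(argv) {
  return argv.map(shellQuote).join(' ');
}

// Constructed sample: a "safe bin" invocation whose tokens contain no literal
// file path before expansion. `$HOME/notes.txt` is a made-up path.
const sample = ['head', '-n', '5', '*', '$HOME/notes.txt'];
console.log('tokens the shell would rewrite:', shellRewriteRisks(sample));
console.log('naive   sh -c string:', buildNaiveCommand(sample));
console.log('literal sh -c string:', buildLiteralCommand(sample));
```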

Affected packages (1)

CVSS score

| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 4.0 | | CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
| osv | CVSS 3.1 | MEDIUM 5.7 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N |

References (6)