Executive Summary

[{'type': 'paragraph', 'content': 'CVE-2026-22169 is an allowlist bypass vulnerability in OpenClaw versions prior to 2026.2.22. It occurs when the "sort" command is explicitly added to the tools.exec.safeBins allowlist configuration. Attackers can exploit the compress-program option of the sort command to invoke unauthorized external helper programs, bypassing the intended safe-bin approval constraints.'}, {'type': 'paragraph', 'content': 'This vulnerability allows remote attackers to execute unauthorized external commands by leveraging the compress-program parameter, which was not properly blocked in the safeBins configuration. The issue arises because the compress-program flag can invoke external executables, breaking the guarantee that safeBins only allow stdin-only operations and preventing file reads or external program execution.'}, {'type': 'paragraph', 'content': 'The underlying weaknesses include external control of system or configuration settings (CWE-15) and improper neutralization of special elements used in OS commands (CWE-78), leading to OS command injection.'}] [1, 2]

Useful 0 Not Useful 0

Impact Analysis

This vulnerability can allow attackers with local access and high privileges to bypass security restrictions intended to limit which binaries can be executed. By exploiting the compress-program option in the sort command, attackers can execute unauthorized external programs.

The impact includes high confidentiality, integrity, and availability risks, as unauthorized code execution can lead to data breaches, system compromise, or denial of service.

Because the attack requires high privileges and local access, the risk is somewhat mitigated, but the vulnerability still represents a significant security concern in environments where the safeBins configuration is customized to include sort.

Useful 0 Not Useful 0

Compliance Impact

I don't know

Useful 0 Not Useful 0

Detection Guidance

[{'type': 'paragraph', 'content': 'This vulnerability involves the misuse of the `sort` command with the `--compress-program` option when explicitly added to the tools.exec.safeBins allowlist. Detection involves checking if the `sort` command is configured in safeBins and if the `--compress-program` option is being used or allowed.'}, {'type': 'paragraph', 'content': 'You can inspect your OpenClaw configuration to see if `sort` is explicitly added to the tools.exec.safeBins allowlist and if the `--compress-program` option is permitted.'}, {'type': 'paragraph', 'content': 'To detect exploitation attempts or usage of the vulnerable configuration, you might run commands to check for processes invoking `sort` with `--compress-program` or audit logs for such invocations.'}, {'type': 'list_item', 'content': 'Check OpenClaw configuration files for `tools.exec.safeBins` entries including `sort`.'}, {'type': 'list_item', 'content': "Search running processes or command history for `sort --compress-program` usage, e.g., `ps aux | grep 'sort --compress-program'`."}, {'type': 'list_item', 'content': 'Audit system logs for commands or errors related to `sort --compress-program`.'}] [1, 2, 3]

Useful 0 Not Useful 0

Mitigation Strategies

The primary mitigation is to upgrade OpenClaw to version 2026.2.22 or later, where the vulnerability is fixed.

If upgrading immediately is not possible, you should remove the `sort` command from the tools.exec.safeBins allowlist or ensure that the `--compress-program` option is blocked in your safeBins configuration.

Specifically, block or disallow the `--compress-program` flag for the `sort` utility in the safeBins execution policy to prevent unauthorized external program execution.

• Upgrade OpenClaw to version 2026.2.22 or later.
• Remove `sort` from the tools.exec.safeBins allowlist if it is explicitly added.
• Configure safeBins to block the `--compress-program` flag for `sort`.
• Validate that no commands use `sort --compress-program` in your environment.

Useful 0 Not Useful 0