CVE-2026-4040
Received Received - Intake
Information Exposure via Discrepancy in OpenClaw File Handler

Publication date: 2026-03-12

Last updated on: 2026-03-16

Assigner: VulDB

Description
A vulnerability was identified in OpenClaw up to 2026.2.17. This issue affects the function tools.exec.safeBins of the component File Existence Handler. The manipulation leads to information exposure through discrepancy. The attack needs to be performed locally. Upgrading to version 2026.2.19-beta.1 is capable of addressing this issue. The identifier of the patch is bafdbb6f112409a65decd3d4e7350fbd637c7754. Upgrading the affected component is advised.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-12
Last Modified
2026-03-16
Generated
2026-06-16
AI Q&A
2026-03-12
EPSS Evaluated
2026-06-15
NVD
CVE-2026-4040
EUVD
EUVD-2026-11565
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
openclaw openclaw From 2026.2.0 (inc) to 2026.2.19 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-203 The product behaves differently or sends different responses under different circumstances in a way that is observable to an unauthorized actor, which exposes security-relevant information about the state of the product, such as whether a particular operation was successful or not.
CWE-200 The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-4040 is an information exposure vulnerability in OpenClaw versions up to 2026.2.17, specifically in the tools.exec.safeBins function of the File Existence Handler component.

The vulnerability arises because the safeBins feature used file-existence checks on the host filesystem to decide whether to allow or deny execution of certain binaries. This behavior created a file-existence oracle, allowing a local attacker to infer the presence or absence of specific files by observing differences in command allow/deny outcomes.

This discrepancy leaks security-relevant information about the system state, such as whether certain files exist, which can be used to enumerate the filesystem and potentially reveal sensitive files like secrets or configuration files.

The vulnerability requires local access to exploit and has a low to moderate severity rating. It was fixed by removing file-existence checks and enforcing deterministic validation based solely on command-line arguments, blocking file-oriented flags, and restricting safeBins to stdin-only operation.

Impact Analysis

This vulnerability can impact you by allowing a local attacker to perform filesystem enumeration on your system.

By exploiting the file-existence oracle, an attacker can determine whether specific files exist on the host, including sensitive files such as secrets or configuration files.

This information exposure can facilitate further attacks by revealing system details that should remain confidential.

Although the attack requires local access and has a relatively low severity score, it still compromises confidentiality and could be a stepping stone for more serious exploits.

Upgrading to OpenClaw version 2026.2.19-beta.1 or later is advised to mitigate this risk.

Compliance Impact

I don't know

Detection Guidance

This vulnerability arises from the tools.exec.safeBins function in OpenClaw, where file-existence checks on the host filesystem cause differing allow/deny command behaviors. Detection involves observing if commands behave differently based on the presence or absence of specific files.

Since the attack requires local access and exploits discrepancies in command execution results, detection can be attempted by running safeBins commands with file paths that may or may not exist and checking for differing responses.

  • Attempt to execute safeBins commands with existing and non-existing file paths and observe if the output or allow/deny behavior differs.
  • Example commands to test might include invoking safeBins with flags like `sort -o existing.txt` versus `sort -o nonexisting.txt` and checking for differences in execution or error messages.
  • Similarly, commands like `jq -f existingfile` versus `jq -f nonexistingfile` or `grep -f existingfile` versus `grep -f nonexistingfile` can be tested to detect file-existence oracle behavior.

Note that these tests require local access to the system where OpenClaw is installed and the ability to run safeBins commands.

Mitigation Strategies

The primary and recommended mitigation is to upgrade OpenClaw to version 2026.2.19-beta.1 or later, which includes a patch that removes the file-existence oracle vulnerability.

The patch eliminates any host filesystem existence checks in the safeBins feature, enforces stdin-only operation, blocks file-oriented flags that could leak information, and uses deterministic argument-only validation.

If immediate upgrade is not possible, restrict local access to the affected OpenClaw installation to trusted users only, as the attack requires local execution.

Review and monitor usage of safeBins commands, especially those involving file-oriented flags like `sort -o`, `jq -f`, and `grep -f`, and consider disabling or restricting these until the patch is applied.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-4040. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart