CVE-2026-4040
Information Exposure via Discrepancy in OpenClaw File Handler
Publication date: 2026-03-12
Last updated on: 2026-03-16
Assigner: VulDB
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| openclaw | openclaw | From 2026.2.0 (inc) to 2026.2.19 (exc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-200 | The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. |
| CWE-203 | The product behaves differently or sends different responses under different circumstances in a way that is observable to an unauthorized actor, which exposes security-relevant information about the state of the product, such as whether a particular operation was successful or not. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-4040 is an information exposure vulnerability in OpenClaw versions up to 2026.2.17, specifically in the tools.exec.safeBins function of the File Existence Handler component.
The vulnerability arises because the safeBins feature used file-existence checks on the host filesystem to decide whether to allow or deny execution of certain binaries. This behavior created a file-existence oracle, allowing a local attacker to infer the presence or absence of specific files by observing differences in command allow/deny outcomes.
This discrepancy leaks security-relevant information about the system state, such as whether certain files exist, which can be used to enumerate the filesystem and potentially reveal sensitive files like secrets or configuration files.
The vulnerability requires local access to exploit and has a low to moderate severity rating. It was fixed by removing file-existence checks and enforcing deterministic validation based solely on command-line arguments, blocking file-oriented flags, and restricting safeBins to stdin-only operation.
How can this vulnerability impact me?
This vulnerability can impact you by allowing a local attacker to perform filesystem enumeration on your system.
By exploiting the file-existence oracle, an attacker can determine whether specific files exist on the host, including sensitive files such as secrets or configuration files.
This information exposure can facilitate further attacks by revealing system details that should remain confidential.
Although the attack requires local access and has a relatively low severity score, it still compromises confidentiality and could be a stepping stone for more serious exploits.
Upgrading to OpenClaw version 2026.2.19-beta.1 or later is advised to mitigate this risk.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability arises from the tools.exec.safeBins function in OpenClaw, where file-existence checks on the host filesystem cause differing allow/deny command behaviors. Detection involves observing if commands behave differently based on the presence or absence of specific files.
Since the attack requires local access and exploits discrepancies in command execution results, detection can be attempted by running safeBins commands with file paths that may or may not exist and checking for differing responses.
- Attempt to execute safeBins commands with existing and non-existing file paths and observe if the output or allow/deny behavior differs.
- Example commands to test might include invoking safeBins with flags like `sort -o existing.txt` versus `sort -o nonexisting.txt` and checking for differences in execution or error messages.
- Similarly, commands like `jq -f existingfile` versus `jq -f nonexistingfile` or `grep -f existingfile` versus `grep -f nonexistingfile` can be tested to detect file-existence oracle behavior.
Note that these tests require local access to the system where OpenClaw is installed and the ability to run safeBins commands.
What immediate steps should I take to mitigate this vulnerability?
The primary and recommended mitigation is to upgrade OpenClaw to version 2026.2.19-beta.1 or later, which includes a patch that removes the file-existence oracle vulnerability.
The patch eliminates any host filesystem existence checks in the safeBins feature, enforces stdin-only operation, blocks file-oriented flags that could leak information, and uses deterministic argument-only validation.
If immediate upgrade is not possible, restrict local access to the affected OpenClaw installation to trusted users only, as the attack requires local execution.
Review and monitor usage of safeBins commands, especially those involving file-oriented flags like `sort -o`, `jq -f`, and `grep -f`, and consider disabling or restricting these until the patch is applied.
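A minimal model of the two validation strategies this page contrasts (the existence-based allow/deny check behind the oracle, and the patched deterministic argument-only check), written as an added Python example for this page and not OpenClaw's own code; the flag table, the "deny if the target already exists" policy and the path heuristic are assumptions made for illustration.

```python
import os
import tempfile

# Flags that make a binary read from or write to a named host file.
# Constructed table for this example; the real safeBins list is not on the page.
FILE_FLAGS = {"sort": {"-o"}, "jq": {"-f"}, "grep": {"-f"}}


def weak_validate(argv):
    """Vulnerable pattern: the verdict depends on the host filesystem.

    Assumed policy: a file operand that already exists is denied (to avoid
    clobbering it), a missing one is allowed. Because the verdict differs
    with existence, every allow/deny answer is a file-existence oracle.
    """
    binary, args = argv[0], argv[1:]
    for i, arg in enumerate(args):
        if arg in FILE_FLAGS.get(binary, set()) and i + 1 < len(args):
            if os.path.exists(args[i + 1]):
                return "deny"
    return "allow"


def hardened_validate(argv):
    """Patched pattern: deterministic, argument-only, stdin-only.

    Any file-oriented flag is denied outright, as is any argument that looks
    like a path. The filesystem is never consulted, so the verdict is the
    same whether or not the named file exists and cannot leak host state.
    """
    binary, args = argv[0], argv[1:]
    if binary not in FILE_FLAGS:
        return "deny"
    for arg in args:
        if arg in FILE_FLAGS[binary] or os.sep in arg:
            return "deny"
    return "allow"


def oracle_demo():
    """Run both validators on an existing and a missing path; return verdicts."""
    with tempfile.NamedTemporaryFile() as real:          # exists while open
        missing = real.name + ".missing"                 # constructed, absent
        return {
            "weak_existing": weak_validate(["sort", "-o", real.name]),
            "weak_missing": weak_validate(["sort", "-o", missing]),
            "hard_existing": hardened_validate(["sort", "-o", real.name]),
            "hard_missing": hardened_validate(["sort", "-o", missing]),
        }
```

The weak validator returns different verdicts for the two paths, which is exactly the discrepancy CWE-203 describes; the hardened validator returns the same verdict for both while still allowing stdin-only invocations such as `grep -i needle`.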