GHSA-8MF7-VV8W-HJR2: Remote Code Execution via Insecure SafeBins Fallback in OpenClaw
Vulnerability ID: GHSA-8MF7-VV8W-HJR2
CVSS Score: 9.8
Published: 2026-03-03
A critical Remote Code Execution (RCE) vulnerability exists in OpenClaw's safeBins execution allowlist mechanism. The flaw resides in the tools.exec.safeBins configuration logic, where a permissive generic fallback profile was applied to binaries lacking specific security definitions. This oversight allows attackers to bypass command approval policies by leveraging interpreter binaries (e.g., Python, Node.js) to execute arbitrary inline payloads, effectively neutralizing the intended security controls of the agent framework.
TL;DR
OpenClaw versions prior to 2026.2.23 contain a critical flaw in the safeBins allowlist logic. If a binary is added to the allowlist without a specific security profile, the system defaults to a permissive generic profile that fails to block dangerous command-line flags. This allows attackers to achieve Remote Code Execution (RCE) by invoking interpreters with inline code execution arguments (e.g., python3 -c ...). The vulnerability is patched in version 2026.2.23 by removing the generic fallback and enforcing a deny-by-default policy.
⚠️ Exploit Status: POC
Technical Details
- CWE: CWE-184 (Incomplete List of Disallowed Inputs)
- CVSS v3.1: 9.8 (Critical)
- Attack Vector: Network (Remote)
- Privileges Required: None
- User Interaction: None
- Impact: Remote Code Execution (RCE)
Affected Systems
- OpenClaw: < 2026.2.23 (fixed in 2026.2.23)
Code Analysis
Commit: 47c3f74
Remove generic safe bin profile and enforce deny-by-default
- const profile = safeBinProfiles[execName] ?? genericSafeBinProfile;
+ const profile = safeBinProfiles[execName];
+ if (!profile) return false;
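Review bot: the early return on `if (!profile) return false;` makes an allowlisted binary with no entry in `safeBinProfiles` fail closed, which is the right default, but the hunk gives the operator no signal about why the command was refused, so a `safeBins` entry that is silently ignored will look like a generic approval failure. Suggest emitting a diagnostic that names the binary and points at `safeBinProfiles` before returning, and adding a regression test asserting that an allowlisted binary without a profile is rejected.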
Mitigation Strategies
- Upgrade to OpenClaw v2026.2.23+
- Remove generic interpreters from allowlists
- Enforce explicit security profiles for all allowed binaries
- Implement strict argument filtering
Remediation Steps:
- Check the current OpenClaw version; if < 2026.2.23, schedule an immediate update.
- Review the config.yaml or environment configuration for tools.exec.safeBins.
- Identify any binary in safeBins that does not have a matching key in tools.exec.safeBinProfiles.
- Remove unprofiled binaries or add specific profiles defining allowed arguments.
- Restart the OpenClaw service to apply configuration changes.
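To make the TL;DR, the mitigation strategies and the remediation steps concrete, the following is an added example, not OpenClaw's own code: a minimal re-creation of an exec allowlist with per-binary profiles, showing the pre-fix generic fallback beside the post-fix deny-by-default lookup, plus the audit check from the remediation steps (an allowlisted binary with no matching profile). All profile names, the allowedFlags shape, the sample safeBins list and the sample invocations are assumptions constructed for this example.

```javascript
// Added example, not OpenClaw's code. Profiles are allowlists of flags: any
// argument starting with "-" that is not listed is rejected, so inline-code
// flags (python3 -c, node -e) and "-" (read program from stdin) never pass a
// profiled binary. The profile names and flag lists below are assumptions.
const safeBinProfiles = {
  cat: { allowedFlags: [] },               // only file paths, no flags at all
  python3: { allowedFlags: ["-B", "-u"] }, // run a script file; never -c, -m or -
};

// Pre-fix behaviour: a binary without its own profile fell back to this
// permissive profile, which accepts every flag.
const genericSafeBinProfile = { allowedFlags: "*" };

// Own-property lookup so inherited keys such as "constructor" never resolve
// to a bogus profile object.
function ownProfile(execName) {
  return Object.prototype.hasOwnProperty.call(safeBinProfiles, execName)
    ? safeBinProfiles[execName]
    : undefined;
}

// genericFallback=true reproduces the vulnerable lookup; false is the fixed one.
function resolveProfile(execName, genericFallback) {
  const profile = ownProfile(execName);
  if (profile) return profile;
  return genericFallback ? genericSafeBinProfile : undefined;
}

function flagAllowed(profile, arg) {
  if (profile.allowedFlags === "*") return true;
  return profile.allowedFlags.includes(arg); // exact match: "-Bu" or "-cx" stay rejected
}

// argv is [binary, ...args] exactly as the agent would exec it (no shell parsing).
function isSafeInvocation(argv, safeBins, { genericFallback = false } = {}) {
  const [execName, ...args] = argv;
  if (!safeBins.includes(execName)) return false; // not allowlisted at all
  const profile = resolveProfile(execName, genericFallback);
  if (!profile) return false;                     // fixed: no profile, no execution
  for (const arg of args) {
    if (arg.startsWith("-") && !flagAllowed(profile, arg)) return false;
  }
  return true;
}

// Remediation-step audit: which allowlisted binaries have no matching profile?
function unprofiledBins(bins) {
  return bins.filter((b) => ownProfile(b) === undefined);
}

// Constructed sample allowlist: `node` is listed without a profile, which is
// the misconfiguration the advisory describes.
const safeBins = ["cat", "python3", "node"];
const inlineNode = ["node", "-e", "process.exit(1)"]; // constructed, harmless payload

function demo() {
  return {
    vulnerable: isSafeInvocation(inlineNode, safeBins, { genericFallback: true }), // true
    fixed: isSafeInvocation(inlineNode, safeBins),                                  // false
    scriptOk: isSafeInvocation(["python3", "-u", "report.py"], safeBins),          // true
    inlinePy: isSafeInvocation(["python3", "-c", "print(1)"], safeBins),           // false
    stdinPy: isSafeInvocation(["python3", "-"], safeBins),                         // false
    audit: unprofiledBins(safeBins),                                               // ["node"]
  };
}

console.log(demo());
```

The profiles are written as allowlists of exact flags rather than deny lists of known-bad flags because a deny list is exactly the incomplete-list problem (CWE-184) the advisory cites: combined short options such as `-Ic`, or a value glued to the flag as in `-cprint(1)`, slip past an exact-match deny entry for `-c` but are rejected by an allowlist that only knows `-B` and `-u`. `unprofiledBins` is the check from the remediation steps; anything it returns should either get its own profile or be removed from safeBins.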