Vulnerability Information
Although we use advanced large-model technology, its output may still contain inaccurate or outdated information. ShenLong (神龙) strives to ensure the accuracy of its data, but please verify and judge according to your actual situation.
Vulnerability Title
OpenClaw < 2026.2.14 - Arbitrary File Read via Shell Expansion in Safe Bins Allowlist
Vulnerability Description
OpenClaw versions prior to 2026.2.14 contain an arbitrary file read vulnerability in the exec-approvals allowlist validation: the check inspects the pre-expansion argv tokens, but the command is then executed with real shell expansion, so `$VAR`, `~` and glob patterns are resolved after the tokens have been approved. Authorized callers, or attackers acting through prompt injection, can use allowlisted "safe" binaries such as head, tail, or grep with glob patterns or environment variables to disclose any file readable by the gateway or node process when host execution is enabled in allowlist mode.
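As an added illustration (this is not OpenClaw's code, which the page does not show), the following Python models the class of flaw described above: an allowlist check that inspects the literal argv tokens, followed by execution through `/bin/sh`, which performs parameter and tilde expansion after the check has passed. The safe-bin list, the token policy, the function names, the sample files and the `OUTSIDE`/`HOME` environment values are constructed assumptions for the demo. The hardened variant keeps the same policy but refuses tokens containing shell metacharacters and executes argv directly without a shell, so the approved tokens are exactly what the binary receives.

```python
import os
import subprocess
import tempfile

# Assumed allowlist of "safe" read-only binaries (constructed for this demo).
SAFE_BINS = {"head", "tail", "grep", "cat", "wc"}
# Characters a POSIX shell interprets before the binary ever runs.
SHELL_META = set("$*?~`[]{}|&;<>()\\\"'")


def tokens_look_safe(argv):
    """The flawed pre-expansion policy: the binary must be allowlisted and
    every non-flag token must be a relative path with no '..' component.
    It never sees what the shell will turn '$OUTSIDE/x' or '~/x' into."""
    if not argv or argv[0] not in SAFE_BINS:
        return False
    for tok in argv[1:]:
        if tok.startswith("-"):
            continue
        if os.path.isabs(tok) or ".." in tok.split("/"):
            return False
    return True


def run_vulnerable(argv, cwd, env):
    """Validate literal tokens, then hand the joined string to /bin/sh,
    which expands $VAR, ~ and globs after the check (the bug)."""
    if not tokens_look_safe(argv):
        return None
    res = subprocess.run(" ".join(argv), shell=True, cwd=cwd, env=env,
                         capture_output=True, text=True)
    return res.stdout


def run_hardened(argv, cwd, env):
    """Same policy, but reject anything a shell would expand and execute
    argv directly (no shell), so tokens reach the binary verbatim."""
    if not tokens_look_safe(argv):
        return None
    if any(SHELL_META & set(tok) for tok in argv[1:]):
        return None
    res = subprocess.run(argv, shell=False, cwd=cwd, env=env,
                         capture_output=True, text=True)
    return res.stdout


def demo():
    """Constructed scenario: a workspace the agent may read, and an 'outside'
    directory holding a secret the process can read but policy should deny."""
    results = {}
    with tempfile.TemporaryDirectory() as root:
        workspace = os.path.join(root, "workspace")
        outside = os.path.join(root, "outside")
        os.makedirs(workspace)
        os.makedirs(outside)
        with open(os.path.join(workspace, "notes.txt"), "w") as f:
            f.write("first line\nsecond line\n")
        with open(os.path.join(outside, "secret.txt"), "w") as f:
            f.write("TOP-SECRET\n")
        env = {
            "PATH": os.environ.get("PATH", "/usr/bin:/bin"),
            "OUTSIDE": outside,  # variable the shell will expand
            "HOME": outside,     # makes '~' expand to the outside dir
        }
        legit = ["head", "-n", "1", "notes.txt"]
        via_env = ["head", "$OUTSIDE/secret.txt"]  # relative-looking, no '..'
        via_tilde = ["head", "~/secret.txt"]
        results["legit_vulnerable"] = run_vulnerable(legit, workspace, env)
        results["legit_hardened"] = run_hardened(legit, workspace, env)
        results["env_vulnerable"] = run_vulnerable(via_env, workspace, env)
        results["env_hardened"] = run_hardened(via_env, workspace, env)
        results["tilde_vulnerable"] = run_vulnerable(via_tilde, workspace, env)
        results["tilde_hardened"] = run_hardened(via_tilde, workspace, env)
    return results


if __name__ == "__main__":
    for name, out in demo().items():
        print(f"{name:18s} -> {out!r}")
```

Both `$OUTSIDE/secret.txt` and `~/secret.txt` pass the token policy because neither is absolute nor contains `..`; only the shell turns them into a path outside the workspace. The durable fix is the one the hardened variant shows: never re-introduce a shell between the validated argv and the exec call, and treat any token the policy approved as the exact string the binary must receive.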
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
Improper Neutralization of Special Elements used in an OS Command (OS Command Injection)
Vulnerability Title
OpenClaw OS Command Injection Vulnerability
Vulnerability Description
OpenClaw is an open-source intelligent AI assistant from openclaw. OpenClaw has an OS command injection vulnerability that stems from the exec-approvals allowlist validation checking pre-expansion argv tokens while execution uses real shell expansion, which may allow an authorized caller or a prompt-injection attack to disclose files.
CVSS Information
N/A
Vulnerability Type
N/A