CVE-2026-31996 LOW

CVE-2026-31996: OpenClaw < 2026.2.19 - safeBins stdin-only bypass via sort output and recursive grep flags

Vendor Openclaw
Product OpenClaw
Weakness CWE-78
Published March 19, 2026
Last update April 29, 2026

CVSS base score

2.0/10
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01 Description

In OpenClaw versions prior to 2026.2.19, tools.exec.safeBins contains an input validation bypass that allows attackers to perform unintended filesystem operations through sort output flags or recursive grep flags. Attackers with command execution access can use the sort -o flag for arbitrary file writes or the grep -R flag for recursive file reads, circumventing the intended stdin-only restrictions.
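One way to enforce a stdin-only restriction is a per-binary allowlist of flags plus a cap on positional operands, so that anything not explicitly permitted is refused. The sketch below is an added example, not OpenClaw's code or its fix; the policy tables, the function name `check_stdin_only` and the sample paths are assumptions made for illustration.

```python
# Added example: allowlist validation for stdin-only command invocations.
# Policy tables and names are hypothetical; they are not taken from OpenClaw.

# Short flags that take no argument and never open a file, per binary.
# Note that -o is harmless for grep (only-matching) but not for sort (output file),
# which is why the policy cannot be shared between binaries.
ALLOWED_SHORT = {"sort": set("bfnru"), "grep": set("EFcinovwx")}
ALLOWED_LONG = {
    "sort": {"--reverse", "--numeric-sort", "--unique"},
    "grep": {"--ignore-case", "--invert-match", "--count", "--line-number"},
}
# sort reads stdin only, so no operands; grep gets exactly one, the pattern.
MAX_POSITIONALS = {"sort": 0, "grep": 1}


def check_stdin_only(argv):
    """Return (ok, reason) for an argv list such as ["sort", "-rn"]."""
    if not argv or argv[0] not in MAX_POSITIONALS:
        return False, "binary not in policy"
    name = argv[0]
    positionals = []
    options_done = False
    for arg in argv[1:]:
        if options_done or arg == "-" or not arg.startswith("-"):
            # Operands are counted wherever they appear, because GNU tools
            # accept options both before and after them.
            positionals.append(arg)
        elif arg == "--":
            options_done = True
        elif arg.startswith("--"):
            # Exact match only: "--output=FILE" and abbreviated long options fail.
            if arg not in ALLOWED_LONG[name]:
                return False, f"long option not allowlisted: {arg}"
        else:
            # Expand bundled short flags so "-ro/path" is caught at the "o".
            for ch in arg[1:]:
                if ch not in ALLOWED_SHORT[name]:
                    return False, f"short option not allowlisted: -{ch}"
    if len(positionals) > MAX_POSITIONALS[name]:
        return False, "file operand not allowed"
    return True, "ok"


if __name__ == "__main__":
    # Constructed sample invocations, including the two cases from the description.
    for sample in (["sort", "-rn"], ["sort", "-o", "/tmp/out"],
                   ["grep", "-i", "needle"], ["grep", "-R", "needle", "."]):
        print(sample, check_stdin_only(sample))
```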

Key dates

02 Disclosure timeline

March 19, 2026 CVE published
April 29, 2026 Record updated