CVE-2026-32022: OpenClaw safeBins grep -e File Read Bypass (stdin-only policy bypass)
OpenClaw's tools.exec.safeBins allow-list had a stdin-only policy bypass for grep. The grep validator was meant to let the command read only from stdin, so it permitted exactly one positional operand on the assumption that the operand is the search pattern.
When the pattern was instead supplied through -e / --regexp, the validator consumed it as the flag's value and still allowed one positional operand. grep then treated that operand as a file operand rather than as the pattern, so a bare filename such as .env caused grep to read the file and return its matching lines, turning the safe-bin into an arbitrary file read. The fix is in the commit referenced below.
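The following is an added example, not OpenClaw's code: a model of the grep stdin-only policy check in the flawed form the advisory describes (one positional always allowed) and a hardened form that counts positionals correctly once the pattern has been consumed from -e / --regexp. The function names, the option table and the argv model are assumptions made for this illustration. The hardened form also rejects -f FILE (grep opens FILE for patterns) and recursive modes (-r, -R, -d recurse; with no operand grep searches the working directory), which the advisory does not discuss but which likewise break a stdin-only policy.

```javascript
// Added example, not OpenClaw's code. Models the grep stdin-only policy check.
// Option tables below are a subset of GNU grep's and are assumptions for this model.

// Short options that consume a value (the value may be attached: -ePAT, or separate: -e PAT).
const SHORT_WITH_VALUE = new Set(['e', 'f', 'm', 'A', 'B', 'C', 'd', 'D']);
// Long options that consume a value (--regexp=PAT or --regexp PAT).
const LONG_WITH_VALUE = new Set([
  '--regexp', '--file', '--max-count', '--after-context', '--before-context',
  '--context', '--directories', '--devices', '--include', '--exclude',
  '--exclude-from', '--exclude-dir', '--group-separator', '--label',
]);
const LONG_RECURSIVE = new Set(['--recursive', '--dereference-recursive']);

// Split a grep argv into positional operands and the flags relevant to the policy.
function parseGrepArgs(argv) {
  const out = { positionals: [], patternFlags: [], patternFiles: [], recursive: false, malformed: false };
  const record = (opt, value) => {
    if (opt === 'e' || opt === '--regexp') out.patternFlags.push(value);
    if (opt === 'f' || opt === '--file') out.patternFiles.push(value);
    if ((opt === 'd' || opt === '--directories') && value === 'recurse') out.recursive = true;
  };
  for (let i = 0; i < argv.length; i++) {
    const a = argv[i];
    if (a === '--') { out.positionals.push(...argv.slice(i + 1)); break; } // end of options
    if (LONG_RECURSIVE.has(a)) { out.recursive = true; continue; }
    if (a.startsWith('--')) {
      const eq = a.indexOf('=');
      const name = eq === -1 ? a : a.slice(0, eq);
      if (!LONG_WITH_VALUE.has(name)) continue; // boolean long option, e.g. --ignore-case
      let value;
      if (eq !== -1) value = a.slice(eq + 1);
      else if (i + 1 < argv.length) value = argv[++i];
      else { out.malformed = true; break; }
      record(name, value);
      continue;
    }
    if (a.startsWith('-') && a.length > 1) {
      // Clustered short options, e.g. -ine PAT: scan until a value-taking option.
      for (let j = 1; j < a.length; j++) {
        const c = a[j];
        if (c === 'r' || c === 'R') { out.recursive = true; continue; }
        if (!SHORT_WITH_VALUE.has(c)) continue;
        let value;
        if (j + 1 < a.length) value = a.slice(j + 1);
        else if (i + 1 < argv.length) value = argv[++i];
        else { out.malformed = true; return out; }
        record(c, value);
        break; // the rest of the cluster was the value
      }
      continue;
    }
    out.positionals.push(a); // "-" alone is a positional meaning stdin
  }
  return out;
}

// Flawed check (the behaviour described in the advisory): one positional is always
// permitted because it is assumed to be the pattern, even after -e consumed the pattern.
function flawedStdinOnlyCheck(argv) {
  const p = parseGrepArgs(argv);
  return !p.malformed && p.positionals.length <= 1;
}

// Hardened check: once the pattern came from -e/--regexp or -f/--file, any
// positional is a file operand and must be rejected; also refuse other file-opening modes.
function hardenedStdinOnlyCheck(argv) {
  const p = parseGrepArgs(argv);
  if (p.malformed || p.recursive) return false;
  if (p.patternFiles.some((f) => f !== '-')) return false; // -f FILE opens FILE
  const patternFromFlag = p.patternFlags.length + p.patternFiles.length > 0;
  const allowedPositionals = patternFromFlag ? 0 : 1;
  return p.positionals.length <= allowedPositionals;
}
```

With these two functions, `grep -e secret .env` passes the flawed check and fails the hardened one, while `grep -n secret` and `grep -e secret` pass both. The general rule is that the number of permitted positionals must be derived from what the flags have already consumed, not fixed in advance.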
References
- github.com/advisories/GHSA-3xfw-4pmr-4xc5
- github.com/openclaw/openclaw/commit/c6ee14d60e4cbd6a82f9b2d74ebeb1e8ee814964
- github.com/openclaw/openclaw/security/advisories/GHSA-3xfw-4pmr-4xc5
- nvd.nist.gov/vuln/detail/CVE-2026-32022
- www.vulncheck.com/advisories/openclaw-arbitrary-file-read-via-grep-e-flag-policy-bypass