CVE-2026-28463: OpenClaw exec approvals: safeBins could bypass stdin-only constraints via shell expansion
(updated )
OpenClaw’s exec-approvals allowlist supports a small set of “safe bins” intended to be stdin-only (no positional file arguments) when running tools.exec.host=gateway|node with security=allowlist.
In affected configurations, the allowlist validation checked pre-expansion argv tokens, but execution used a real shell (sh -c) which expands globs and environment variables. This allowed safe bins like head, tail, or grep to read arbitrary local files via tokens such as * or $HOME/... without triggering approvals.
This issue is configuration-dependent and is not exercised by default settings (default tools.exec.host is sandbox).
References
- github.com/advisories/GHSA-xvhf-x56f-2hpp
- github.com/openclaw/openclaw
- github.com/openclaw/openclaw/commit/77b89719d5b7e271f48b6f49e334a8b991468c3b
- github.com/openclaw/openclaw/releases/tag/v2026.2.14
- github.com/openclaw/openclaw/security/advisories/GHSA-xvhf-x56f-2hpp
- nvd.nist.gov/vuln/detail/CVE-2026-28463
- www.vulncheck.com/advisories/openclaw-arbitrary-file-read-via-shell-expansion-in-safe-bins-allowlist
Code Behaviors & Features
Detect and mitigate CVE-2026-28463 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →