CVE-2026-31996: OpenClaw safeBins stdin-only bypass via sort output and recursive grep flags
(updated )
tools.exec.safeBins could be bypassed for filesystem access when sort output flags (-o / --output) or recursive grep flags were allowed through safe-bin execution paths.
References
- github.com/advisories/GHSA-4685-c5cp-vp95
- github.com/openclaw/openclaw
- github.com/openclaw/openclaw/commit/2c05cbb43e48ebad03626d3125746fb1b9a8520f
- github.com/openclaw/openclaw/security/advisories/GHSA-4685-c5cp-vp95
- nvd.nist.gov/vuln/detail/CVE-2026-31996
- www.vulncheck.com/advisories/openclaw-safebins-stdin-only-bypass-via-sort-output-and-recursive-grep-flags
Code Behaviors & Features
Detect and mitigate CVE-2026-31996 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →