CVE-2026-32022

Severity: Medium · CVSS 4.0 base score 6.0 · EPSS 17.2%
Published Mar 19, 2026 · Modified May 26, 2026

Description

OpenClaw versions prior to 2026.2.21 contain a stdin-only policy bypass vulnerability in the grep tool within tools.exec.safeBins that allows attackers to read arbitrary files by supplying the pattern via the -e flag. With the pattern carried by -e, an attacker can add a positional filename operand that bypasses the file access restrictions and reads sensitive files (such as .env) from the working directory.
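The shape of the argv check the description points at, beside a fail-closed version, as an added example: this is illustrative code, not OpenClaw's implementation, and the function names, the flag allow-list and the sample argv are assumptions.

```python
# Added example (not OpenClaw's code): a stdin-only grep argv policy in the
# weak shape the advisory describes, beside a fail-closed version.
from typing import List, Tuple

# Argument-less flags that keep grep reading stdin (assumed allow-list).
SAFE_FLAGS = {"-i", "-n", "-c", "-v", "-w", "-x", "-E", "-F", "-o", "-q", "-s"}


def weak_check(argv: List[str]) -> bool:
    """Flawed policy: skips the argument of -e but forgets that -e already
    supplied the pattern, so a lone leftover operand (.env) passes as the pattern."""
    operands, i = [], 1
    while i < len(argv):
        if argv[i] == "-e":
            i += 1                          # skip the pattern argument
        elif not argv[i].startswith("-"):
            operands.append(argv[i])
        i += 1
    return len(operands) <= 1  # "one operand is the pattern, so no file"


def strict_check(argv: List[str]) -> Tuple[bool, str]:
    """Fail-closed policy: record when an option already supplied the pattern,
    allow-list other flags, deny any leftover operand (it can only be a file)."""
    pattern_given, positionals, i = False, [], 1
    while i < len(argv):
        a = argv[i]
        if a == "--":                       # everything after is positional
            positionals += argv[i + 1:]
            break
        if a in ("-e", "--regexp"):         # pattern as the next argument
            if i + 1 >= len(argv):
                return False, "dangling pattern option"
            pattern_given, i = True, i + 2
            continue
        if a.startswith("--regexp=") or (a.startswith("-e") and len(a) > 2):
            pattern_given, i = True, i + 1  # -ePAT / --regexp=PAT
            continue
        if a.startswith("-"):
            if a not in SAFE_FLAGS:         # -f, -r, clustered -ie, ...
                return False, f"option not allow-listed: {a}"
            i += 1
            continue
        positionals.append(a)
        i += 1
    if pattern_given:
        return (False, "file operand after -e") if positionals else (True, "ok")
    if len(positionals) == 1:
        return True, "ok"
    return False, "expected exactly one pattern operand"
```

Any option form the checker does not understand is denied rather than passed through, which is the property the weak version lacks.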

CVSS Details

Base score: 6.0 (CVSS 4.0, Medium)
Vector string: CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector: Network
Attack Complexity: Low
Attack Requirements: Present (AT:P in the vector)
Privileges Required: Low
User Interaction: None
Vulnerable System Impact (from the vector): Confidentiality High, Integrity None, Availability None
Scope: X (not defined)

Threat Intelligence

EPSS exploit probability: 17.2% percentile
Exploit & patch status: no known exploit; patch available

Weaknesses (1)

CWE-184: Incomplete List of Disallowed Inputs

Affected Products (1)

Vendor     Product    Version   Range
openclaw   openclaw   *         <2026.2.21

References (3)

  • github.com https://github.com/openclaw/openclaw/commit/c6ee14d60e4cbd6a82f9b2d74ebeb1e8ee814964
    Patch
  • github.com https://github.com/openclaw/openclaw/security/advisories/GHSA-3xfw-4pmr-4xc5
    Vendor Advisory
  • vulncheck.com https://www.vulncheck.com/advisories/openclaw-arbitrary-file-read-via-grep-e-flag-policy-bypass
    Third Party Advisory

Remediation

  • github.com https://github.com/openclaw/openclaw/commit/c6ee14d60e4cbd6a82f9b2d74ebeb1e8ee814964
    Patch