CVE-2026-4040
MEDIUM EPSS 3.2%
Published Mar 12, 20263mo ago · Modified Jun 17, 20261w ago
4.8 CVSS 4.0
Published Mar 12, 2026 3mo ago
Last Modified Jun 17, 2026 1w ago
Description
A vulnerability was identified in OpenClaw up to 2026.2.17. This issue affects the function tools.exec.safeBins of the component File Existence Handler. The manipulation leads to information exposure through discrepancy. The attack needs to be performed locally. Upgrading to version 2026.2.19-beta.1 is capable of addressing this issue. The identifier of the patch is bafdbb6f112409a65decd3d4e7350fbd637c7754. Upgrading the affected component is advised.
CVSS Details
Base Score
Exploitability
Impact
Vector string
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope X
Threat Intelligence
EPSS Exploit Probability
3.2% percentile
Exploit & Patch Status
No Known Exploit
Patch Available
Weaknesses 2
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor Information Exposure
CWE-203
Affected Products 1
| Vendor | Product | Version | Range |
|---|---|---|---|
| openclaw | openclaw | * | ≥2026.2.0 – <2026.2.19 |
References 7
- github.com https://github.com/openclaw/openclaw/
- github.com https://github.com/openclaw/openclaw/commit/bafdbb6f112409a65decd3d4e7350fbd637c7754
- github.com https://github.com/openclaw/openclaw/releases/tag/v2026.2.19-beta.1
- github.com https://github.com/openclaw/openclaw/security/advisories/GHSA-6c9j-x93c-rw6j
- vuldb.com https://vuldb.com/?ctiid.350652
- vuldb.com https://vuldb.com/?id.350652
- vuldb.com https://vuldb.com/?submit.769581
Remediation
- github.com https://github.com/openclaw/openclaw/commit/bafdbb6f112409a65decd3d4e7350fbd637c7754