Back to Vulnerability List

OpenClaw: tools.exec.safeBins PATH-hijack allowed trojan binaries to bypass allowlist checks

CVE-2026-0147 Medium Published

CVSS

6.7 Medium · Local · Low PR

EPSS

0.091 9.1% chance of exploit in 30d

CWE

CWE-427 Uncontrolled Search Path Element

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

tools.exec.safeBins allowlist checks could be bypassed by PATH-hijacked binaries, allowing execution of attacker-controlled trojan binaries under an allowlisted executable name.

Affected Packages / Versions

Package: openclaw (npm)
Latest published version at triage time: 2026.2.17
Affected range: >= 2026.1.21 < 2026.2.18
Patched version: 2026.2.19

Impact

In allowlist mode, safeBins validation previously accepted a resolved executable path based on executable name and argument shape, without enforcing trusted executable directories. If an attacker could influence process PATH resolution before gateway startup (or otherwise control the gateway launch environment), a trojan binary with an allowlisted name (for example jq) could be executed.

Severity Rationale

This issue is rated medium because exploitation requires an additional precondition: influencing the gateway process PATH / launch environment. Request-scoped PATH injection is blocked for host execution.

Fix

safeBins now requires the resolved executable path to come from trusted bin directories (system defaults plus gateway startup PATH), closing the bypass.

Disclosure timeline

Jan 12, 2026Reported to vendor
Mar 28, 2026Patch released
Apr 2, 2026Public disclosure

Fix Commit(s)

28bac46c92069dc728524fbf383024c1b64e5c23

References

Discovered by Nathan Sportsman · Published April 24, 2026

Praetorian Guard Platform

Penetration Testing Services

Advanced Offensive Security

Continuous Offensive Security

Customer Case Studies

Resources

Use Cases

About Praetorian

Join Praetorian