PatchSiren cyber security CVE debrief

CVE-2026-32022 OpenClaw CVE debrief

OpenClaw versions prior to 2026.2.21 contain a policy bypass vulnerability in the grep tool within tools.exec.safeBins. The safeBins policy is meant to limit grep to reading stdin, but an attacker can supply the pattern with the -e flag and add a filename as a positional operand, and grep then reads that file instead of stdin. This allows arbitrary file reads from the working directory, including sensitive files such as .env. The vulnerability was published on March 19, 2026, and modified on May 26, 2026. A patch is available in version 2026.2.21.

Vendor: OpenClaw
Product: Unknown
CVSS: MEDIUM 6
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-03-19
Original CVE updated: 2026-05-26
Advisory published: 2026-03-19
Advisory updated: 2026-05-26

Who should care

Organizations running OpenClaw versions prior to 2026.2.21 in production environments, particularly those processing untrusted input or operating in multi-tenant contexts where file isolation is critical. Security teams should prioritize patching if OpenClaw is exposed to potentially malicious input or if sensitive configuration files exist in accessible working directories.

Technical summary

The vulnerability exists in OpenClaw's tools.exec.safeBins implementation of the grep tool. The intended security policy restricts grep to stdin-only operation, so it should never read a file directly. However, the implementation does not properly validate the command line when the pattern is given with the -e flag. In grep's argument grammar, once the pattern has been supplied via -e, every positional operand is treated as a FILE, so an attacker can pass -e with a pattern and append a filename, and grep reads that file rather than stdin. This bypasses the stdin-only restriction and allows arbitrary file read from the working directory, including sensitive files such as .env. The root cause is an incomplete list of disallowed inputs (CWE-184): the argument check does not reject an unexpected filename operand when the -e flag is present.

Defensive priority

medium

Recommended defensive actions

  • Upgrade OpenClaw to version 2026.2.21 or later to obtain the patch
  • Review and audit tools.exec.safeBins configurations for additional policy enforcement gaps
  • Implement defense-in-depth by restricting file system access for OpenClaw processes using containerization or sandboxing
  • Monitor for suspicious grep invocations with -e flags followed by positional filename arguments
  • Validate that custom tool wrappers properly sanitize or reject unexpected filename operands
  • Review application logs for unauthorized file access attempts in OpenClaw working directories
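As an added example (not OpenClaw's code, and not a reproduction of its safeBins implementation), the following JavaScript shows the two defensive pieces described in the technical summary and in the monitoring bullet above: an allow-list style stdin-only policy check for a grep wrapper that classifies the argument vector the way grep does (pattern via -e/--regexp, pattern file via -f/--file, "--" ending options, a bare "-" meaning stdin, then positional FILE operands), and a detection routine that replays constructed exec audit-log lines through the same check. The option tables, the log format (`bin=<name> argv=<JSON array>`) and the sample lines are assumptions made for the example; the option subset is deliberately small and a production wrapper would need GNU grep's full option list.

```javascript
// Added example (not OpenClaw's code): a stdin-only policy check for a grep
// "safe bin" wrapper, reused as a detection rule over exec audit-log lines.
// The option tables are an assumed subset of GNU grep's real options.

// Short and long options that consume an argument (the next argv element, the
// rest of a short-option cluster, or the text after "=" for long options).
const SHORT_OPTS_WITH_ARG = new Set(['-e', '-f', '-m', '-A', '-B', '-C']);
const LONG_OPTS_WITH_ARG = new Set([
  '--regexp', '--file', '--max-count', '--after-context', '--before-context', '--context',
]);

// Split a grep argument vector (without argv[0]) into patterns, pattern files
// (-f/--file), plain flags and positional file operands. grep's rule: once
// -e/-f is used every positional is a FILE; otherwise the first positional is
// the PATTERN and the rest are FILEs.
function classifyGrepArgs(args) {
  const result = { patterns: [], patternFiles: [], flags: [], fileOperands: [], malformed: false };
  const positionals = [];
  let explicitPattern = false;
  let endOfOptions = false;

  const takeValue = (kind, value) => {
    if (value === undefined) { result.malformed = true; return; }
    if (kind === 'pattern') { result.patterns.push(value); explicitPattern = true; }
    else if (kind === 'patternFile') { result.patternFiles.push(value); explicitPattern = true; }
  };

  for (let i = 0; i < args.length; i++) {
    const a = args[i];
    if (!endOfOptions && a === '--') { endOfOptions = true; continue; }
    if (!endOfOptions && a.startsWith('--')) {
      const eq = a.indexOf('=');
      const name = eq === -1 ? a : a.slice(0, eq);
      if (LONG_OPTS_WITH_ARG.has(name)) {
        const value = eq === -1 ? args[++i] : a.slice(eq + 1);
        if (name === '--regexp') takeValue('pattern', value);
        else if (name === '--file') takeValue('patternFile', value);
        else result.flags.push(name);
      } else {
        result.flags.push(name);
      }
      continue;
    }
    if (!endOfOptions && a.length > 1 && a.startsWith('-')) {
      // Short-option cluster such as "-in", "-ie PATTERN" or "-ePATTERN".
      for (let j = 1; j < a.length; j++) {
        const opt = '-' + a[j];
        if (SHORT_OPTS_WITH_ARG.has(opt)) {
          const value = j + 1 < a.length ? a.slice(j + 1) : args[++i];
          if (opt === '-e') takeValue('pattern', value);
          else if (opt === '-f') takeValue('patternFile', value);
          else if (value === undefined) result.malformed = true;
          else result.flags.push(opt);
          break; // the rest of the cluster was this option's argument
        }
        result.flags.push(opt);
      }
      continue;
    }
    positionals.push(a); // includes a bare "-", which grep treats as stdin
  }

  if (!explicitPattern && positionals.length > 0) result.patterns.push(positionals.shift());
  result.fileOperands = positionals;
  return result;
}

// Policy decision: allow the invocation only if grep can read nothing but stdin.
// Rather than a deny-list of "bad" operands (the CWE-184 shape of the bug), this
// rejects every named file, whether it arrived as a positional FILE or via -f.
function checkStdinOnly(args) {
  const c = classifyGrepArgs(args);
  if (c.malformed) return { ok: false, reason: 'option missing its argument' };
  if (c.patternFiles.length > 0) {
    return { ok: false, reason: `-f/--file names a file: ${c.patternFiles.join(', ')}` };
  }
  const files = c.fileOperands.filter((f) => f !== '-');
  if (files.length > 0) return { ok: false, reason: `file operand(s) present: ${files.join(', ')}` };
  return { ok: true };
}

// Constructed sample audit-log lines in an assumed format ("bin=<name> argv=<JSON array>").
const SAMPLE_LOG = [
  '2026-03-20T10:00:01Z exec bin=grep argv=["grep","-i","error"]',
  '2026-03-20T10:00:02Z exec bin=grep argv=["grep","-e","token","--","-"]',
  '2026-03-20T10:00:03Z exec bin=grep argv=["grep","-e","SECRET",".env"]',
  '2026-03-20T10:00:04Z exec bin=grep argv=["grep","-ie","key","config/.env"]',
  '2026-03-20T10:00:05Z exec bin=grep argv=["grep","--regexp=pass","-f","patterns.txt"]',
  '2026-03-20T10:00:06Z exec bin=sort argv=["sort","-u"]',
];

// Detection: replay logged grep invocations through the same policy check and
// return the ones that would have read a file instead of stdin.
function findFileReadingGrepCalls(lines) {
  const hits = [];
  for (const line of lines) {
    const m = line.match(/\bbin=grep argv=(\[.*\])$/);
    if (!m) continue;
    let argv;
    try { argv = JSON.parse(m[1]); } catch { continue; }
    const verdict = checkStdinOnly(argv.slice(1));
    if (!verdict.ok) hits.push({ line, reason: verdict.reason });
  }
  return hits;
}

for (const hit of findFileReadingGrepCalls(SAMPLE_LOG)) console.log(hit.reason, '<-', hit.line);
```

Run against the constructed log, the check clears the first two grep lines (a plain pattern with no FILE, and an explicit "-" for stdin after "--") and flags the remaining three, including the clustered "-ie key config/.env" form that a naive check for the literal token "-e" followed by a filename would miss. Because the wrapper and the detector share one classifier, any operand the policy rejects at runtime is the same operand the log review surfaces afterwards.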

Evidence notes

The vulnerability is classified as CWE-184 (Incomplete List of Disallowed Inputs). The CVSS 4.0 vector indicates network attack vector with low attack complexity, low privileges required, and high confidentiality impact. The affected CPE is cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:* with versions prior to 2026.2.21 being vulnerable.

Official resources

The vulnerability was disclosed through coordinated disclosure via VulnCheck and GitHub Security Advisories. The vendor has acknowledged the issue and released a patch.