Incomplete List of Disallowed Inputs in openclaw

Q: How to fix?

Upgrade openclaw to version 2026.2.22 or higher.

Introduced: 3 Mar 2026

NewCWE-184 (opens in a new tab) CWE-78 (opens in a new tab)

How to fix?

Upgrade openclaw to version 2026.2.22 or higher.

Overview

openclaw is a 🦞 OpenClaw — Personal AI Assistant

Affected versions of this package are vulnerable to Incomplete List of Disallowed Inputs via the --compress-program flag in the sort process when sort is manually added to the tools.exec.safeBins configuration. An attacker can execute arbitrary external programs by supplying a crafted value to the --compress-program flag, bypassing expected operator approval. This is only exploitable if sort is explicitly included in tools.exec.safeBins and the deployment uses both security=allowlist and ask=on-miss settings.

References

GitHub Commit

CVSS Base Scores

version 4.0

version 3.1

Attack Vector (AV)
Local
Attack Complexity (AC)
High
Attack Requirements (AT)
Present
Privileges Required (PR)
Low
User Interaction (UI)
None

Confidentiality (VC)
High
Integrity (VI)
High
Availability (VA)
High

Confidentiality (SC)
None
Integrity (SI)
None
Availability (SA)
None

Incomplete List of Disallowed Inputs Affecting openclaw package, versions <2026.2.22

Severity

Do your applications use this vulnerable package?

Introduced: 3 Mar 2026

How to fix?

Overview

References

CVSS Base Scores

Snyk