Skip to main content

Openclaw CVE-2026-31996

| EUVDEUVD-2026-13031 LOW
OS Command Injection (CWE-78)
2026-03-19 VulnCheck GHSA-4685-c5cp-vp95
2.0
CVSS 4.0 · NVD

Severity by source

NVD PRIMARY
2.0 LOW
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

4
EUVD ID Assigned
Mar 19, 2026 - 01:30 euvd
EUVD-2026-13031
Analysis Generated
Mar 19, 2026 - 01:30 vuln.today
Patch released
Mar 19, 2026 - 01:30 nvd
Patch available
CVE Published
Mar 19, 2026 - 01:00 nvd
LOW 2.0

DescriptionCVE.org

OpenClaw versions prior to 2026.2.19 tools.exec.safeBins contains an input validation bypass vulnerability that allows attackers to execute unintended filesystem operations through sort output flags or recursive grep flags. Attackers with command execution access can leverage sort -o flag for arbitrary file writes or grep -R flag for recursive file reads, circumventing intended stdin-only restrictions.

AnalysisAI

OpenClaw versions prior to 2026.2.19 contain an input validation bypass in the tools.exec.safeBins component that allows local attackers with command execution privileges to circumvent stdin-only restrictions and perform arbitrary filesystem operations. By exploiting sort output flags (specifically the -o flag for arbitrary file writes) or recursive grep flags (-R for recursive file reads), authenticated attackers can read sensitive files or overwrite critical files despite intended access controls. While the CVSS score of 3.6 is moderate and requires local access with low privileges, the vulnerability represents a privilege escalation or sandbox escape technique rather than a critical remote exploit.

Technical ContextAI

The vulnerability exists in OpenClaw's safeBins execution wrapper (a security-conscious command execution abstraction), which attempts to restrict command-line tools to stdin-only operation to prevent unintended filesystem side effects. However, the input validation logic fails to sanitize dangerous command-line flags specific to GNU utilities. The sort command's -o (output file) flag and grep's -R (recursive directory traversal) flag are not properly blocked, allowing attackers to bypass the intended restriction model. This is classified under CWE-78 (Improper Neutralization of Special Elements used in an OS Command, aka OS Command Injection), though technically it is a flag injection rather than full command injection. The affected product OpenClaw (CPE: cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:*:*:*) is an application security or development tool that depends on safe command execution for sandboxing or restricted execution environments.

RemediationAI

Immediately upgrade OpenClaw to version 2026.2.19 or later, which includes the fix committed at https://github.com/openclaw/openclaw/commit/2c05cbb43e48ebad03626d3125746fb1b9a8520f. This patch adds proper input validation to reject dangerous command-line flags (sort -o, grep -R, and similar filesystem-modifying flags) before execution. Organizations unable to patch immediately should restrict command execution access within OpenClaw to highly trusted users only, disable or sandbox the tools.exec.safeBins component if unused, and implement host-level file access controls (read-only mounts, SELinux/AppArmor policies) to limit the blast radius of potential flag-injection attacks. Monitor OpenClaw activity logs for suspicious sort or grep invocations with output redirection flags.

CVE-2026-28446 CRITICAL POC
9.4 Mar 05

Auth bypass in OpenClaw voice-call extension before 2026.2.1. EPSS 0.68%. PoC and patch available.

CVE-2026-33579 CRITICAL POC
9.4 Mar 31

Privilege escalation in OpenClaw (pre-2026.3.28) allows unauthenticated remote attackers to gain administrative access b

CVE-2026-32042 HIGH POC
8.8 Mar 21

OpenClaw versions 2026.2.22 through 2026.2.24 contain a privilege escalation vulnerability that allows authenticated att

CVE-2026-32051 HIGH POC
8.8 Mar 21

An authorization mismatch vulnerability in OpenClaw versions prior to 2026.3.1 allows authenticated users with operator.

CVE-2026-25253 HIGH POC
8.8 Feb 01

OpenClaw versions prior to 2026.1.29 automatically establish WebSocket connections to attacker-controlled gateway URLs e

CVE-2026-32846 HIGH POC
8.7 Mar 26

Path traversal in OpenClaw through version 2026.3.23 enables unauthenticated remote attackers to read arbitrary files in

CVE-2026-32064 HIGH POC
7.7 Mar 21

OpenClaw sandbox browser functionality launches x11vnc for noVNC observer sessions without requiring authentication, all

CVE-2026-32055 HIGH POC
7.6 Mar 21

OpenClaw versions before 2026.2.26 allow authenticated attackers to write arbitrary files outside the workspace director

CVE-2026-32056 HIGH POC
7.5 Mar 21

OpenClaw versions prior to 2026.2.22 contain a shell environment variable injection vulnerability in the system.run func

CVE-2026-32049 HIGH POC
7.5 Mar 21

OpenClaw versions prior to 2026.2.22 contain a resource exhaustion vulnerability where the application fails to consiste

CVE-2026-32048 HIGH POC
7.5 Mar 21

OpenClaw versions prior to 2026.3.1 contain a sandbox escape vulnerability that allows authenticated attackers with low

CVE-2026-25474 HIGH POC
7.5 Feb 19

OpenClaw versions 2026.1.30 and below fail to validate Telegram webhook secret tokens when `channels.telegram.webhookSec

Share

CVE-2026-31996 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy