CVE-2026-4040

Sažetak

A vulnerability was identified in OpenClaw up to 2026.2.17. This issue affects the function tools.exec.safeBins of the component File Existence Handler. The manipulation leads to information exposure through discrepancy. The attack needs to be performed locally. Upgrading to version 2026.2.19-beta.1 is capable of addressing this issue. The identifier of the patch is bafdbb6f112409a65decd3d4e7350fbd637c7754. Upgrading the affected component is advised.

Reference

https://github.com/openclaw/openclaw/
https://github.com/openclaw/openclaw/commit/bafdbb6f112409a65decd3d4e7350fbd637c7754
https://github.com/openclaw/openclaw/releases/tag/v2026.2.19-beta.1
https://github.com/openclaw/openclaw/security/advisories/GHSA-6c9j-x93c-rw6j
https://vuldb.com/?ctiid.350652
https://vuldb.com/?id.350652
https://vuldb.com/?submit.769581

CVSS

Base:	1.7
Impact:	2.9
Exploitability:	3.1

Pristup

Vektor	Složenost	Autentikacija
LOCAL	LOW	SINGLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	NONE	NONE

CVSS vektor

AV:L/AC:L/Au:S/C:P/I:N/A:N

Zadnje važnije ažuriranje

16-03-2026 - 18:06

Objavljeno

12-03-2026 - 12:15