Security Advisories | Source: GitHub Security Advisories | Views: 6
[openclaw] OpenClaw safeBins stdin-only bypass via sort output and recursive grep flags
By GitHub, February 20, 2026
**[openclaw] OpenClaw safeBins stdin-only bypass via sort output and recursive grep flags**
**Summary**

tools.exec.safeBins could be bypassed for filesystem access when sort output flags (-o / --output) or recursive grep flags were allowed through safe-bin execution paths.

**Affected Packages / Versions**

- Package: openclaw (npm)
- Affected versions: <= 2026.2.17
- Patched versions: >= 2026.2.19
- Latest published version at triage time: 2026.2.17

**Impact**

In deployments that enabled tools.exec.safeBins, an attacker with access to command execution flows could turn intended stdin-only safe-bin usage into file writes (sort -o) or recursive file reads (grep -R).

**Fix Commit(s)**

cfe8457a0f4aae5324daec261d3b0aad1461a4bc

Thanks @nedlir for reporting.

**References**

- https://github.com/openclaw/openclaw/security/advisories/GHSA-4685-c5cp-vp95
- https://github.com/openclaw/openclaw/commit/cfe8457a0f4aae5324daec261d3b0aad1461a4bc
- https://github.com/advisories/GHSA-4685-c5cp-vp95
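The weakness class here is an allowlist that names binaries but not their arguments: sort and grep are harmless on stdin, yet -o / --output turns sort into a file writer and -r / -R turns grep into a recursive file reader. The following is an added example, not OpenClaw's code or its fix: it assumes a hypothetical checkSafeBinArgs(bin, argv) policy function, and it generalizes past the two advisory flags by also denying grep -f/--file (another file read) and rejecting any positional file operand, since a stdin-only tool should never be handed a path.

```javascript
// Added example (not OpenClaw's code). Policy for stdin-only safe-bins:
// deny the flags the advisory names, deny grep -f/--file, and reject every
// positional operand beyond grep's pattern. Fails closed on anything unclear.
const POLICY = {
  sort: { denied: new Set(["-o", "--output"]), patternFlags: new Set(), operands: 0 },
  grep: {
    denied: new Set(["-r", "-R", "--recursive", "--dereference-recursive", "-f", "--file"]),
    patternFlags: new Set(["-e", "--regexp"]), // pattern given here instead of positionally
    operands: 1,
  },
};

// Returns { ok: true } or { ok: false, reason }. Value-taking options must use the
// attached form (-k2, --key=2); a detached value is treated as a file operand and rejected.
function checkSafeBinArgs(bin, argv) {
  const policy = POLICY[bin];
  if (!policy) return { ok: false, reason: `${bin} is not a stdin-only safe-bin` };
  let operandsAllowed = policy.operands;
  let operands = 0;
  let flagsEnded = false;
  let expectValue = false; // previous arg was -e / --regexp without an attached value
  for (const arg of argv) {
    if (expectValue) { expectValue = false; continue; } // this arg is the pattern
    const isFlag = !flagsEnded && arg.startsWith("-") && arg !== "-";
    if (!isFlag) {
      // "-" means stdin; any other operand counts against the allowance.
      if (arg !== "-" && ++operands > operandsAllowed) {
        return { ok: false, reason: `file operand not allowed: ${arg}` };
      }
      continue;
    }
    if (arg === "--") { flagsEnded = true; continue; }
    if (arg.startsWith("--")) {
      const eq = arg.indexOf("=");
      const name = eq < 0 ? arg : arg.slice(0, eq); // --output=file -> --output
      if (policy.denied.has(name)) return { ok: false, reason: `denied flag: ${name}` };
      if (policy.patternFlags.has(name)) { operandsAllowed = 0; expectValue = eq < 0; }
      continue;
    }
    // Short flags may be bundled (-Rn) or carry an attached value (-efoo): walk the
    // letters, reject any denied one, and stop at a pattern flag (the rest is its value).
    for (let i = 1; i < arg.length; i++) {
      const flag = `-${arg[i]}`;
      if (policy.denied.has(flag)) return { ok: false, reason: `denied flag: ${flag}` };
      if (policy.patternFlags.has(flag)) {
        operandsAllowed = 0;
        expectValue = i === arg.length - 1; // "-e foo" (detached) vs "-efoo" (attached)
        break;
      }
    }
  }
  return { ok: true };
}
```

Run against the advisory's shapes, `sort -o /tmp/x`, `sort --output=/tmp/x` and `grep -Rn needle .` are rejected, while `sort -u -k2` and `grep -i needle` on stdin pass.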
---
**[devsupporter commentary]**
This article is the latest development news provided by GitHub Security Advisories. To learn more about the related tools or technologies, see the original link.
![[openclaw] OpenClaw safeBins stdin-only bypass via sort output and recursive grep flags](/assets/images/github_com_1771583653359.png)