CVE-2026-4040

EPSS 0.13%
Veröffentlicht 12.03.2026 12:15:59
Zuletzt bearbeitet 16.03.2026 18:06:44
Quelle cna@vuldb.com
CVE-Watchlists
Login
Unerledigt
Login

OpenClaw File Existence tools.exec.safeBins information exposure

A vulnerability was identified in OpenClaw up to 2026.2.17. This issue affects the function tools.exec.safeBins of the component File Existence Handler. The manipulation leads to information exposure through discrepancy. The attack needs to be performed locally. Upgrading to version 2026.2.19-beta.1 is capable of addressing this issue. The identifier of the patch is bafdbb6f112409a65decd3d4e7350fbd637c7754. Upgrading the affected component is advised.

Betroffene Produkte Warnungen 0 Metriken 5 CWE 2 Referenzen 10

NVD 1 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

OpenClaw ≫ OpenClaw SwPlatformnode.js Version >= 2026.2.0 < 2026.2.19

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.13%	0.032

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
cna@vuldb.com	4.8	0	0	CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
cna@vuldb.com	3.3	1.8	1.4	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
cna@vuldb.com	1.7	3.1	2.9	AV:L/AC:L/Au:S/C:P/I:N/A:N

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

CWE-203 Observable Discrepancy

The product behaves differently or sends different responses under different circumstances in a way that is observable to an unauthorized actor, which exposes security-relevant information about the state of the product, such as whether a particular operation was successful or not.

https://github.com/openclaw/openclaw/

Product

https://github.com/openclaw/openclaw/commit/bafdbb6f112409a65decd3d4e7350fbd637c7754

Patch

https://github.com/openclaw/openclaw/releases/tag/v2026.2.19-beta.1

Release Notes

https://github.com/openclaw/openclaw/security/advisories/GHSA-6c9j-x93c-rw6j

Vendor Advisory

https://vuldb.com/?ctiid.350652

VDB Entry

Permissions Required

https://vuldb.com/?id.350652

Third Party Advisory

VDB Entry

https://vuldb.com/?submit.769581

Third Party Advisory

VDB Entry

https://nvd.nist.gov/vuln/detail/CVE-2026-4040

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-4040

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-4040

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2026-4040