CVE-2026-28363
OpenClaw · OpenClaw
OpenClaw contains an input validation bypass in its `tools.exec.safeBins` component: because GNU-style option parsing accepts unambiguous abbreviations of long options, a shortened option name that the validator does not recognise can be used to execute unauthorized commands.
Executive summary
An input validation bypass in OpenClaw allows an attacker to execute unauthorized commands through an allowlisted binary by supplying abbreviated GNU long options. The abbreviated spelling is not matched by the validator but is still accepted by the program, so the invocation runs without the approval step the validation was meant to enforce.
Vulnerability
The vulnerability exists in the tools.exec.safeBins validation logic for the sort command. The validator denied the full option string --compress-program, which makes sort run an arbitrary program to compress its temporary files. GNU getopt_long-style parsing, however, accepts any abbreviation of a long option that is unambiguous, so --compress-prog (or even --co) is treated by sort exactly as --compress-program. Because the validator compared the literal argument text against the denied spelling only, an abbreviated form passed the check, and sort could be invoked with an attacker-chosen path as its compression program without the approval that denied options are supposed to require.
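The following is an added illustration of the failure mode and of a canonicalizing check; it is written for this page and is not OpenClaw's code or its actual fix. The list of sort long options reflects GNU coreutils sort; the option denylist (compress-program plus a few other path-touching options) and the function names are assumptions made for the example, and the hardened check resolves each long option the way getopt_long would before comparing it against that denylist.

```typescript
// Added illustration, not OpenClaw's code. Shows why a literal-string denylist on
// GNU long options fails and how to canonicalize the option name before checking.

// Long options accepted by GNU coreutils `sort` (names only).
const SORT_LONG_OPTIONS: string[] = [
  "batch-size", "buffer-size", "check", "compress-program", "debug",
  "dictionary-order", "field-separator", "files0-from", "general-numeric-sort",
  "help", "human-numeric-sort", "ignore-case", "ignore-leading-blanks",
  "ignore-nonprinting", "key", "merge", "month-sort", "numeric-sort", "output",
  "parallel", "random-sort", "random-source", "reverse", "sort", "stable",
  "temporary-directory", "unique", "version", "version-sort", "zero-terminated",
];

// Assumed denylist for the example: options that run a program or touch
// caller-chosen paths. Only --compress-program is named on the page.
const DENIED_SORT_OPTIONS: string[] = [
  "compress-program", "output", "files0-from", "random-source", "temporary-directory",
];

type Resolution =
  | { ok: true; name: string; abbreviated: boolean }
  | { ok: false; reason: "unknown" | "ambiguous" };

// Mirror getopt_long(3): an exact name wins; otherwise a prefix matching exactly
// one option is accepted as that option; zero or several matches is an error.
function resolveLongOption(given: string, table: string[]): Resolution {
  if (table.indexOf(given) !== -1) return { ok: true, name: given, abbreviated: false };
  const matches = table.filter((o) => o.indexOf(given) === 0);
  if (matches.length === 1) return { ok: true, name: matches[0], abbreviated: true };
  return { ok: false, reason: matches.length === 0 ? "unknown" : "ambiguous" };
}

// Extract NAME from "--NAME" or "--NAME=VALUE"; null for anything else.
// The separate-argument form ("--NAME VALUE") yields the same NAME.
function longOptionName(arg: string): string | null {
  if (arg.slice(0, 2) !== "--" || arg === "--") return null;
  const eq = arg.indexOf("=");
  return eq === -1 ? arg.slice(2) : arg.slice(2, eq);
}

// Vulnerable pattern: compare the argument text against the denied spellings.
// "--compress-prog=/tmp/x" is not in the list, so it is allowed.
function vulnerableAllows(argv: string[]): boolean {
  for (const arg of argv) {
    const name = longOptionName(arg);
    if (name !== null && DENIED_SORT_OPTIONS.indexOf(name) !== -1) return false;
  }
  return true;
}

// Hardened: stop at "--" (later args are operands), resolve every long option
// the way the binary will, fail closed on unknown or ambiguous names, then
// check the canonical name against the denylist.
function hardenedAllows(argv: string[]): boolean {
  for (const arg of argv) {
    if (arg === "--") break;
    const name = longOptionName(arg);
    if (name === null) continue;
    const r = resolveLongOption(name, SORT_LONG_OPTIONS);
    if (!r.ok) return false;
    if (DENIED_SORT_OPTIONS.indexOf(r.name) !== -1) return false;
  }
  return true;
}

// Constructed argument vector of the kind described on the page.
const bypassAttempt = ["--compress-prog=/tmp/evil.sh", "data.txt"];
console.log("vulnerable check allows:", vulnerableAllows(bypassAttempt)); // true
console.log("hardened check allows:  ", hardenedAllows(bypassAttempt));   // false
```

Two design points carry over to any validator of this kind. First, an ambiguous prefix such as --c is an error for sort, but the check still refuses it rather than guessing, so the validator never accepts something the binary would reject, or vice versa. Second, short options need the same treatment (sort's -o is --output), and a denylist remains weaker than an allowlist of known-safe canonical options; the denylist is kept here only because it is the shape the page describes.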
Business impact
This bypass allows execution of commands that the approval workflow was meant to restrict, which can lead to unauthorized system changes or data access under the application's privileges. The CVSS score of 9.9 reflects a near-total loss of the control that the command validation was meant to provide and a high risk of malicious command execution.
Remediation
Immediate Action: Update OpenClaw to version 2026.2.23 or later, which contains the fix for the validation logic.
Proactive Monitoring: Audit execution logs for invocations of sort and search for abbreviated spellings of --compress-program (for example --compress-prog, --compress, --comp or --co), in both the --option=value and the --option value forms; any such use is a likely exploitation attempt, since legitimate callers have no reason to abbreviate this option.
Compensating Controls: Implement strict OS-level permissions to limit what the application user can execute and use endpoint detection and response (EDR) tools to monitor for suspicious process spawning.
Exploitation status
Public Exploit Available: No
Analyst recommendation
The CVSS score of 9.9 demands immediate patching. Administrators should verify that the update to version 2026.2.23 is applied to close the gap in command validation and prevent unauthorized execution paths; until then, the compensating controls above limit what a successful bypass can reach.