Vulnerability Description
A vulnerability was identified in OpenClaw up to 2026.2.17. It affects the function tools.exec.safeBins of the File Existence Handler component. Manipulation leads to information exposure through discrepancy. The attack must be performed locally. Upgrading to version 2026.2.19-beta.1 addresses this issue. The patch identifier is bafdbb6f112409a65decd3d4e7350fbd637c7754. Upgrading the affected component is advised.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Openclaw | Openclaw | >= 2026.2.0, < 2026.2.19 |
Related Weaknesses (CWE)
References
- https://github.com/openclaw/openclaw/ (Product)
- https://github.com/openclaw/openclaw/commit/bafdbb6f112409a65decd3d4e7350fbd637c (Patch)
- https://github.com/openclaw/openclaw/releases/tag/v2026.2.19-beta.1 (Release Notes)
- https://github.com/openclaw/openclaw/security/advisories/GHSA-6c9j-x93c-rw6j (Vendor Advisory)
- https://vuldb.com/?ctiid.350652 (Permissions Required, VDB Entry)
- https://vuldb.com/?id.350652 (Third Party Advisory, VDB Entry)
- https://vuldb.com/?submit.769581 (Third Party Advisory, VDB Entry)
FAQ
What is CVE-2026-4040?
CVE-2026-4040 is a vulnerability with a CVSS score of 3.3 (LOW). A vulnerability was identified in OpenClaw up to 2026.2.17. This issue affects the function tools.exec.safeBins of the component File Existence Handler. The manipulation leads to information exposure ...
How severe is CVE-2026-4040?
CVE-2026-4040 has been rated LOW with a CVSS base score of 3.3/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2026-4040?
Check the references section above for vendor advisories and patch information. Affected products include: Openclaw Openclaw.