CVE-2026-31996
Published: 19 March 2026
Summary
CVE-2026-31996 is a medium-severity OS Command Injection (CWE-78) vulnerability in OpenClaw. Its CVSS base score is 4.4 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Unix Shell (T1059.004). The CVE is ranked at the 3.5th percentile by exploit likelihood (below the median), it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
- SI-10 (Information Input Validation): directly mitigates the input validation bypass by enforcing validation of command flags such as sort -o and grep -R, so that operations stay restricted to stdin only.
- SI-2 (Flaw Remediation): addresses the specific flaw in tools.exec.safeBins by identifying, reporting, and applying the vendor patch from the OpenClaw commit.
- Limits the functionality of the safeBins tools by configuring the system to disable or restrict non-essential flags that enable arbitrary file reads or writes.
MITRE ATT&CK Enterprise Techniques
- Unix Shell (T1059.004)
Why these techniques?
The CWE-78 input validation bypass directly enables Unix shell command execution (sort -o, grep -R) that performs unintended local filesystem reads and writes, bypassing the stdin-only restriction and facilitating data collection from the local system.
NVD Description
OpenClaw versions prior to 2026.2.19 tools.exec.safeBins contains an input validation bypass vulnerability that allows attackers to execute unintended filesystem operations through sort output flags or recursive grep flags. Attackers with command execution access can leverage sort -o flag for arbitrary file writes or grep -R flag for recursive file reads, circumventing intended stdin-only restrictions.
Deeper analysis
CVE-2026-31996, published on 2026-03-19, is an input validation bypass vulnerability (CWE-78) in the tools.exec.safeBins component of OpenClaw versions prior to 2026.2.19. It enables attackers to execute unintended filesystem operations by abusing sort output flags or recursive grep flags, circumventing restrictions designed to limit operations to stdin only. The vulnerability carries a CVSS v3.1 base score of 4.4 (AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N), indicating moderate impact primarily on confidentiality and integrity.
Attackers require local access and low privileges (PR:L) to exploit this issue through command execution. With such access, they can leverage the sort -o flag for arbitrary file writes or the grep -R flag for recursive file reads, bypassing the intended stdin-only safeguards and enabling unauthorized data access or modification on the affected system.
Mitigation is addressed in the OpenClaw commit at https://github.com/openclaw/openclaw/commit/2c05cbb43e48ebad03626d3125746fb1b9a8520f. Additional details on the vulnerability and remediation are available in the GitHub security advisory at https://github.com/openclaw/openclaw/security/advisories/GHSA-4685-c5cp-vp95 and the VulnCheck advisory at https://www.vulncheck.com/advisories/openclaw-safebins-stdin-only-bypass-via-sort-output-and-recursive-grep-flags.
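The root cause described above is that an allowlist of "safe" binaries says nothing about what their flags do. As an added illustration (not OpenClaw's code, and not a reproduction of the fixing commit), the following per-binary argument policy contrasts the weak name-only check with one that rejects options and operands that open paths; the option sets are GNU coreutils sort and GNU grep flags, and the policy table, function names and messages are assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class BinPolicy:
    denied: frozenset       # options (letters or --names) that read or write paths
    value_short: frozenset  # short letters that consume a value
    pattern: frozenset      # options that supply the pattern (grep -e / --regexp)
    operands: int           # positional operands allowed without a pattern option

# Option sets are GNU coreutils sort and GNU grep flags (assumption: GNU tools).
POLICIES = {
    "sort": BinPolicy(frozenset({"o", "T", "--output", "--files0-from",
                                 "--temporary-directory"}), frozenset("kStTo"), frozenset(), 0),
    "grep": BinPolicy(frozenset({"r", "R", "f", "--recursive", "--dereference-recursive",
                                 "--file"}), frozenset("ABCefmdD"), frozenset({"e", "--regexp"}), 1),
}

def weak_check(argv):
    """Pre-fix shape of the check: allowlist the binary name and nothing else."""
    return argv[0] in POLICIES

def stdin_only_check(argv):
    """Return (allowed, reason); reject anything that makes the tool open a path."""
    policy = POLICIES.get(argv[0])
    if policy is None:
        return False, f"{argv[0]!r} is not an allowlisted binary"
    operands, pattern_given, args, i = [], False, argv[1:], 0
    while i < len(args):
        arg, i = args[i], i + 1
        if arg == "--":                        # everything after '--' is an operand
            operands.extend(args[i:])
            break
        if arg.startswith("--"):
            name, sep, _ = arg.partition("=")
            if name in policy.denied:
                return False, f"{name} reads or writes the filesystem"
            if name in policy.pattern:         # '--regexp PAT' consumes the next token
                pattern_given, i = True, i + (not sep)
        elif len(arg) > 1 and arg[0] == "-":   # short-option cluster ('-' alone is stdin)
            for pos, letter in enumerate(arg[1:]):
                if letter in policy.denied:
                    return False, f"-{letter} reads or writes the filesystem"
                pattern_given |= letter in policy.pattern
                if letter in policy.value_short:
                    i += pos == len(arg) - 2   # bare '-k' takes the next token as value
                    break
        elif arg != "-":
            operands.append(arg)
    if len(operands) > (0 if pattern_given else policy.operands):
        return False, f"operand(s) {operands!r} would be opened as paths"
    return True, "ok"
```

The weak check accepts `sort -o /tmp/x` because it only looks at argv[0]; the stdin-only check rejects the flag whether it is written as `-o FILE`, `-oFILE` or `--output=FILE`, and likewise rejects a bare file operand or `grep -R`.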
Details
- CWE(s): CWE-78 (OS Command Injection)