What is CVE-2026-4040?

CVE-2026-4040 is a low-severity vulnerability in Openclaw, classified under Observable Discrepancy. CVSS score: 3.3/10. Published 2026-03-12.

How severe is CVE-2026-4040?

Low severity. CVSS v3 base score is 3.3 out of 10.

Information disclosure in Openclaw

CVE-2026-4040

A vulnerability was identified in OpenClaw up to 2026.2.17. This issue affects the function tools.exec.safeBins of the component File Existence Handler. The manipulation leads to information exposure through discrepancy. The attack needs t…

EPSS: 0.000 (5.2th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 3.3 (Low). Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:X/RL:O/RC:C.

Affected products

N/a Openclaw — versions 2026.2.0, 2026.2.1, 2026.2.2

Weakness classification (CWE)

References

VDB-350652 | OpenClaw File Existence tools.exec.safeBins information exposure (vdb-entry, technical-description)
VDB-350652 | CTI Indicators (IOB, IOC, TTP, IOA) (signature, permissions-required)
Submit #769581 | openclaw 2026.2.17 Information Disclosure (third-party-advisory)
github.com/openclaw/openclaw/security/advisories/GHSA-6c9j-x93c-rw6j (related)
github.com/openclaw/openclaw/commit/bafdbb6f112409a65decd3d4e7350fbd637c7754 (patch)
github.com/openclaw/openclaw/releases/tag/v2026.2.19-beta.1 (patch)
github.com/openclaw/openclaw/ (product)

Frequently asked questions

What is CVE-2026-4040?: CVE-2026-4040 is a low-severity vulnerability in Openclaw, classified under Observable Discrepancy. CVSS score: 3.3/10. Published 2026-03-12.
How severe is CVE-2026-4040?: Low severity. CVSS v3 base score is 3.3 out of 10.