GHSA-jccr-rrw2-vc8h: OpenClaw safeBins jq `$ENV` filter bypass allows environment variable disclosure
Summary
OpenClaw's jq safe-bin policy blocked direct `env` commands but still allowed environment variables to be read through jq's `$ENV` filter, so an approved command could leak sensitive environment data. This vulnerability affected versions up to 2026.3.24 in the file `src/infra/exec-safe-bin-semantics.ts` (the code that enforces safe-command restrictions).
Solution / Mitigation
Update to version 2026.3.28 or later. The fix was implemented in commit `78e2f3d66d` with the message "Exec: tighten jq safe-bin env checks".
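As an added illustration (not OpenClaw's own code, and not the actual logic of `exec-safe-bin-semantics.ts`), the following TypeScript screen for jq filter arguments shows the gap described above next to one way to close it; the function names and sample filters are constructed for this example.

```typescript
// Constructed example: a jq filter screen with the gap the advisory describes.
// The weak screen only catches the `env` builtin, so a filter such as
// `$ENV.AWS_SECRET_ACCESS_KEY` passes. The hardened screen also rejects the
// `$ENV` variable, and strips jq string literals first so a quoted "env" does
// not trigger a false positive.

// Replace jq string literals ("..." with backslash escapes) by "" so the scan
// looks at code tokens only.
function stripJqStrings(filter: string): string {
  return filter.replace(/"(?:[^"\\]|\\.)*"/g, '""');
}

// Bare `env` identifier that is not a field (.env), a variable ($env) or part
// of a longer name (environment).
const ENV_BUILTIN = /(^|[^.$\w])env\b/;
// Any reference to the $ENV variable: $ENV, $ENV.HOME, $ENV["HOME"], $ENV | keys
const ENV_VARIABLE = /\$ENV\b/;

// Weak screen, modelled on the behaviour the advisory describes.
function weakJqFilterIsSafe(filter: string): boolean {
  return !ENV_BUILTIN.test(stripJqStrings(filter));
}

// Hardened screen: both spellings of "read the process environment" are
// rejected. A `.env` field access still passes because it reads input JSON.
// Over-blocking an unquoted object key named `env` is accepted.
function hardenedJqFilterIsSafe(filter: string): boolean {
  const code = stripJqStrings(filter);
  return !ENV_BUILTIN.test(code) && !ENV_VARIABLE.test(code);
}

// Constructed sample filters an allow-listed jq invocation might carry.
const SAMPLE_FILTERS: Record<string, string> = {
  fieldAccess: ".env.region",               // reads input JSON, harmless
  quotedEnv: '.name | select(. == "env")',  // "env" only inside a string
  envBuiltin: "env.HOME",                   // jq builtin: process environment
  envVariable: "$ENV.HOME",                 // jq variable: same data
  envVariablePiped: "$ENV | keys",
  envVariableIndex: '$ENV["PATH"]',
};

// Names of the sample filters a given screen would let through.
function allowedBy(screen: (f: string) => boolean): string[] {
  return Object.entries(SAMPLE_FILTERS)
    .filter(([, f]) => screen(f))
    .map(([name]) => name);
}
```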
Original source: https://github.com/advisories/GHSA-jccr-rrw2-vc8h
First tracked: March 31, 2026 at 08:00 PM