When sort is explicitly added to tools.exec.safeBins (non-default), the --compress-program option can invoke an external helper and bypass the intended safe-bin approval constraints in allowlist mode.
openclaw (npm)<=2026.2.21-22026.2.21-2 (as of February 22, 2026)2026.2.2257fbbaebca4d34d17549accf6092ae26eb7b605cpatched_versions is pre-set to the planned next release (>=2026.2.22). Once that npm release is published, the advisory can be published directly.
OpenClaw thanks @tdjackey for reporting.
| Score | Percentile |
|---|---|
| 0.03% | 9.47% |
| Base score | Version | Severity | Vector |
|---|---|---|---|
| 6.4 | 3.1 | — |
|
| Type | Value |
|---|---|
| GHSA | GHSA-vmqr-rc7x-3446 ↗ |
| CVE | CVE-2026-22169 ↗ |
Vulnerable version ranges and first patched releases as published by GitHub.
| Ecosystem | Package | Vulnerable range | First patched | Vulnerable functions |
|---|---|---|---|---|
| npm | openclaw | < 2026.2.22 | 2026.2.22 | — |