14 matches found

Cvelist
added 2026/03/19 1:0 a.m., 23 views

CVE-2026-28460 OpenClaw < 2026.2.22 - Allowlist Bypass via Shell Line-Continuation Command Substitution in system.run

OpenClaw versions prior to 2026.2.22 contain an allowlist bypass vulnerability in system.run that allows attackers to execute non-allowlisted commands by splitting command substitution using shell line-continuation characters. Attackers can bypass security analysis by injecting $\ followed by a...

CVSS 7.1, EPSS 0.00027
Exploits 0, References 3

vulnersOsv
added 2026/03/03 7:53 p.m., 4 views

vantuz (>=3.3.2 <=3.3.7) potentially affected by CVE-2026-28460 via openclaw (=0.0.1)

openclaw NPM version =0.0.1 is affected by a known vulnerability. The following packages have a transitive dependency on openclaw and may be impacted: - vantuz =3.3.2, =3.3.7 Source cves: CVE-2026-28460 Source advisory: OSV:GHSA-9868-VXMX-W862...

CVSS 8.8, AI score 5.8, EPSS 0.00027
Exploits 0

CVE
added 2023/03/15 12:0 a.m., 49 views

CVE-2023-28460

CVE-2023-28460 affects Array Networks APV products. A command injection vulnerability allows a remote attacker, after admin authentication, to send a crafted packet and achieve arbitrary shell code execution. Impact is described as high with network access and requires admin privileges. Remediati...

CVSS 7.2, AI score 7.3, EPSS 0.01103
Exploits 0, References 1, Affected Software 1

Vulnrichment
added 2023/03/15 12:0 a.m., 6 views

CVE-2023-28460

A command injection vulnerability was discovered in Array Networks APV products. A remote attacker can send a crafted packet after logging into the affected appliance as an administrator, resulting in arbitrary shell code execution. This is fixed in 8.6.1.262 or newer and 10.4.2.93 or newer...

AI score 7.3, EPSS 0.01103
Exploits 0, References 1

Circl
added 2022/06/03 6:51 p.m., 5 views

CVE-2021-28460

creationtimestamp | type | source
---|---|---
2022-06-03 18:51:45+00:00 | published-proof-of-concept | https://t.me/CyberSecurityTechnologies/3145
2024-11-14 06:09:07+00:00 | seen | MISP/7bf8938d-c9fe-4b0e-b6eb-4b199a1c3618...

CVSS 8.1, AI score 7.9, EPSS 0.00524
Exploits 0, References 1

NVD
added 2021/04/13 8:15 p.m., 18 views

CVE-2021-28460

Azure Sphere Unsigned Code Execution Vulnerability...

CVSS 8.1, EPSS 0.00524
Exploits 0, References 1

Cvelist
added 2021/04/13 7:33 p.m., 20 views

CVE-2021-28460 Azure Sphere Unsigned Code Execution Vulnerability

...

CVSS 8.1, AI score 8.3, EPSS 0.00524
Exploits 0, References 1

CVE
added 2021/04/13 7:33 p.m., 84 views

CVE-2021-28460

Azure Sphere contains an unsigned code execution vulnerability (CVE-2021-28460). The issue is described as a local, low-complexity vulnerability that requires no authentication and can impact confidentiality, integrity, and availability. Several connected sources (NVD entry and Microsoft advisory...

CVSS 8.1, AI score 8.2, EPSS 0.00524
Exploits 0, References 1, Affected Software 1

vulnersOsv
added 2021/04/13 3:23 p.m., 1 views

@ubleipzig/autoconfig (>=2.1.0 <=2.3.1), cardinalkeeper (>=0.0.2 <=0.0.5) +11 more potentially affected by CVE-2020-28460 via multi-ini (>=0.4.1 <=2.1.0)

multi-ini NPM version =0.4.1, =2.1.0, =0.0.2, =2.7.0, =1.0.0, =2.24.6-telemetry-test.19, =2.12.64-telemetry-test.19, =0.1.54-telemetry-test.19, =1.3.21-telemetry-test.19, =0.0.0, =0.0.1, =0.0.1, =0.0.1, =1.0.0, =1.0.7 Source cves: CVE-2020-28460 Source advisory: OSV:GHSA-67MQ-H2R9-RH2M...

CVSS 8.1, AI score 7.2, EPSS 0.0053
Exploits 1

NVD
added 2020/12/22 1:15 p.m., 8 views

CVE-2020-28460

This affects the package multi-ini before 2.1.2. It is possible to pollute an object's prototype by specifying the constructor.proto object as part of an array. This is a bypass of CVE-2020-28448...

CVSS 8.1, AI score 6.6, EPSS 0.0053
Exploits 1, References 2

OSV
added 2020/12/22 1:15 p.m., 11 views

CVE-2020-28460

This affects the package multi-ini before 2.1.2. It is possible to pollute an object's prototype by specifying the constructor.proto object as part of an array. This is a bypass of CVE-2020-28448...

CVSS 8.1, AI score 6.6
Exploits 0, References 2

Cvelist
added 2020/12/22 1:5 p.m., 12 views

CVE-2020-28460 Prototype Pollution

This affects the package multi-ini before 2.1.2. It is possible to pollute an object's prototype by specifying the constructor.proto object as part of an array. This is a bypass of CVE-2020-28448...

CVSS 5.6, AI score 7.4, EPSS 0.0053
Exploits 1, References 2

CVE
added 2020/12/22 1:5 p.m., 49 views

CVE-2020-28460

CVE-2020-28460 affects the multi-ini package (versions before 2.1.2). The issue is prototype pollution: an attacker can pollute an object’s prototype by placing the proto/constructor.proto object inside an array, bypassing CVE-2020-28448. Connected advisories confirm this vulnerability and link t...

CVSS 8.1, AI score 6.8, EPSS 0.0053
Exploits 1, References 2, Affected Software 1

vulnersOsv
added 2020/12/20 4:44 p.m., 1 views

eslint-plugin-mozilla (>=2.7.0 <=2.9.2), gatsby (>=2.24.6-telemetry-test.19 <=2.24.6-telemetry-test.20) +3 more potentially affected by CVE-2020-28448 +1 more via multi-ini (=2.1.0)

multi-ini NPM version =2.1.0 is affected by a known vulnerability. The following packages have a transitive dependency on multi-ini and may be impacted: - eslint-plugin-mozilla =2.7.0, =2.24.6-telemetry-test.19, =2.12.64-telemetry-test.19, =0.1.54-telemetry-test.19, =1.3.21-telemetry-test.19,...

CVSS 9.8, AI score 7.2, EPSS 0.0053
Exploits 2