GHSA-WGX8-R9VW-2W4H Duplicate Advisory: OpenClaw: Skill env override host env injection via applySkillConfigEnvOverrides (defense-in-depth)

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-82g8-464f-2mv7. This link is maintained to preserve external references. Original Description A vulnerability was determined in OpenClaw 2026.2.19-2. This vulnerability affects the function...

Duplicate Advisory: OpenClaw: Skill env override host env injection via applySkillConfigEnvOverrides (defense-in-depth)

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-82g8-464f-2mv7. This link is maintained to preserve external references. Original Description A vulnerability was determined in OpenClaw 2026.2.19-2. This vulnerability affects the function...

CVE-2026-4039

A vulnerability was determined in OpenClaw 2026.2.19-2. This vulnerability affects the function applySkillConfigenvOverrides of the component Skill Env Handler. Executing a manipulation can lead to code injection. It is possible to launch the attack remotely. Upgrading to version 2026.2.21-beta.1...

CVE-2026-4039

A vulnerability was determined in OpenClaw 2026.2.19-2. This vulnerability affects the function applySkillConfigenvOverrides of the component Skill Env Handler. Executing a manipulation can lead to code injection. It is possible to launch the attack remotely. Upgrading to version 2026.2.21-beta.1...

CVE-2026-4039 OpenClaw Skill Env applySkillConfigenvOverrides code injection

A vulnerability was determined in OpenClaw 2026.2.19-2. This vulnerability affects the function applySkillConfigenvOverrides of the component Skill Env Handler. Executing a manipulation can lead to code injection. It is possible to launch the attack remotely. Upgrading to version 2026.2.21-beta.1...

CVE-2026-4039

Summary: CVE-2026-4039 affects OpenClaw 2026.2.19-2, specifically the Skill Env Handler’s function applySkillConfigenvOverrides, allowing remote code injection via manipulated environment configuration. A fix is published and the advisory notes upgrading to 2026.2.21-beta.1 (patch 8c9f35cdb51692b...

CVE-2026-4039 OpenClaw Skill Env applySkillConfigenvOverrides code injection

A vulnerability was determined in OpenClaw 2026.2.19-2. This vulnerability affects the function applySkillConfigenvOverrides of the component Skill Env Handler. Executing a manipulation can lead to code injection. It is possible to launch the attack remotely. Upgrading to version 2026.2.21-beta.1...

CVE-2026-4039

A vulnerability was determined in OpenClaw 2026.2.19-2. This vulnerability affects the function applySkillConfigenvOverrides of the component Skill Env Handler. Executing a manipulation can lead to code injection. It is possible to launch the attack remotely. Upgrading to version 2026.2.21-beta.1...

Multiple vulnerabilities in Micro Research MR-GM5L-S1 and MR-GM5A-L1

Overview MR-GM5L-S1 and MR-GM5A-L1 provided by Micro Research Ltd. contain multiple vulnerabilities listed below. Code injection CWE-94 - CVE-2026-20892 Use of hard-coded credentials CWE-798 - CVE-2026-24448 Authentication bypass using an alternate path or channel CWE-288 - CVE-2026-27842 Chuya...

Vulnerabilities fixed in SAP products

SAP has fixed vulnerabilities in several products, including SAP Quotation Management Insurance and SAP NetWeaver. Some of the fixed vulnerabilities are in third-party products - such as Oracle - that are incorporated into SAP products. The vulnerabilities include a code injection flaw, missing...

CVE-2026-3968

A vulnerability has been found in AutohomeCorp frostmourne up to 1.0. This affects the function scriptEngine.eval of the file ExpressionRule.java of the component Oracle Nashorn JavaScript Engine. Such manipulation of the argument EXPRESSION leads to code injection. The attack can be executed...

CVE-2026-3968 AutohomeCorp frostmourne Oracle Nashorn JavaScript ExpressionRule.java scriptEngine.eval code injection

A vulnerability has been found in AutohomeCorp frostmourne up to 1.0. This affects the function scriptEngine.eval of the file ExpressionRule.java of the component Oracle Nashorn JavaScript Engine. Such manipulation of the argument EXPRESSION leads to code injection. The attack can be executed...

CVE-2026-3968 AutohomeCorp frostmourne Oracle Nashorn JavaScript ExpressionRule.java scriptEngine.eval code injection

A vulnerability has been found in AutohomeCorp frostmourne up to 1.0. This affects the function scriptEngine.eval of the file ExpressionRule.java of the component Oracle Nashorn JavaScript Engine. Such manipulation of the argument EXPRESSION leads to code injection. The attack can be executed...

EUVD-2026-11493

A vulnerability has been found in AutohomeCorp frostmourne up to 1.0. This affects the function scriptEngine.eval of the file ExpressionRule.java of the component Oracle Nashorn JavaScript Engine. Such manipulation of the argument EXPRESSION leads to code injection. The attack can be executed...

CVE-2026-3968

A vulnerability has been found in AutohomeCorp frostmourne up to 1.0. This affects the function scriptEngine.eval of the file ExpressionRule.java of the component Oracle Nashorn JavaScript Engine. Such manipulation of the argument EXPRESSION leads to code injection. The attack can be executed...

CVE-2026-3968

Summary: CVE-2026-3968 affects AutohomeCorp frostmourne (up to 1.0) via the Oracle Nashorn JavaScript Engine. The vulnerability targets the function scriptEngine.eval in ExpressionRule.java, enabling remote code injection through manipulation of the EXPRESSION argument. Exploitability is indicate...

PT-2026-24899

A vulnerability has been found in AutohomeCorp frostmourne up to 1.0. This affects the function scriptEngine.eval of the file ExpressionRule.java of the component Oracle Nashorn JavaScript Engine. Such manipulation of the argument EXPRESSION leads to code injection. The attack can be executed...

itsourcecode Payroll Management System 代码注入漏洞

itsourcecode Payroll Management System is an open-source payroll management system developed by itsourcecode. Version 1.0 of the itsourcecode Payroll Management System has a code injection vulnerability. This vulnerability stems from incorrect handling of parameter IDs in the file...

itsourcecode University Management System 代码注入漏洞

itsourcecode University Management System is an open-source university management system developed by itsourcecode. Version 1.0 of itsourcecode University Management System has a code injection vulnerability. This vulnerability stems from incorrect handling of the parameter “vr” in the...

Frostmourne 代码注入漏洞

Frostmourne is a multi-data source monitoring and alert system developed by AutohomeCorp. Versions of Frostmourne 1.0 and earlier contained a code injection vulnerability. This vulnerability stemmed from incorrect handling of the parameter EXPRESSION in the file ExpressionRule.java, which could...