
11 matches found

NVD
added 2026/03/23 10:16 p.m., 1 view

CVE-2026-32907

Rejected reason: This CVE ID has been rejected...

Exploits: 0
Positive Technologies
added 2026/03/23 12:0 a.m., 0 views

PT-2026-27221

OpenClaw versions prior to 2026.2.18 contain a command injection vulnerability in Windows Scheduled Task script generation where environment variables are written unquoted to gateway.cmd, allowing shell metacharacters to break out of assignment context. Attackers can inject arbitrary commands...

CVSS: 7.4, AI score: 6
Exploits: 0, References: 4
Github Security Blog
added 2026/03/19 3:30 a.m., 6 views

Duplicate Advisory: Command Injection via unescaped environment assignments in Windows Scheduled Task script generation

Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-pj5x-38rw-6fph. This link is maintained to preserve external references. Original Description: OpenClaw versions prior to 2026.2.19 contain a command injection vulnerability in Windows Scheduled Task script...

CVSS: 7.8, AI score: 6, EPSS: 0.00053
Exploits: 0, References: 5, Affected Software: 1
OSV
added 2026/03/19 2:16 a.m., 0 views

CVE-2026-31994

OpenClaw versions prior to 2026.2.19 contain a local command injection vulnerability in Windows scheduled task script generation due to unsafe handling of cmd metacharacters and expansion-sensitive characters in gateway.cmd files. Local attackers with control over service script generation...

CVSS: 7.8, AI score: 6.2
Exploits: 0, References: 3
CVE
added 2026/03/19 1:0 a.m., 5 views

CVE-2026-31994

CVE-2026-31994 affects OpenClaw prior to 2026.2.19, where local command injection occurs in Windows scheduled task script generation due to unsafe handling of cmd metacharacters and expansion-sensitive characters in gateway.cmd files. A local attacker who controls service script generation argume...

CVSS: 7.8, AI score: 6.1, EPSS: 0.00053
Exploits: 0, References: 3, Affected Software: 1
Vulnrichment
added 2026/03/19 1:0 a.m., 0 views

CVE-2026-31994 OpenClaw < 2026.2.19 - Local Command Injection via Unsafe cmd Argument Handling in Windows Scheduled Task Script Generation

OpenClaw versions prior to 2026.2.19 contain a local command injection vulnerability in Windows scheduled task script generation due to unsafe handling of cmd metacharacters and expansion-sensitive characters in gateway.cmd files. Local attackers with control over service script generation...

CVSS: 7.1, AI score: 6.1, EPSS: 0.00053
Exploits: 0, References: 3
CVE
added 2026/03/19 1:0 a.m., 11 views

CVE-2026-22176

OpenClaw before version 2026.2.19 contains a command injection in Windows Scheduled Task script generation. The flaw stems from unquoted environment variable assignments written to gateway.cmd (e.g., set KEY=VALUE), allowing metacharacters like &, |, ^, %, or ! to break out of assignment and enab...

CVSS: 7.8, AI score: 6.1, EPSS: 0.00053
Exploits: 0, References: 3, Affected Software: 1
Snyk
added 2026/03/03 9:50 p.m., 2 views

Command Injection

Overview: openclaw is a 🦞 OpenClaw — Personal AI Assistant. Affected versions of this package are vulnerable to Command Injection via the gateway.cmd script generation. An attacker can execute arbitrary commands by supplying specially crafted environment variable values containing Windows shell...

CVSS: 7.8, AI score: 6, EPSS: 0.00053
Exploits: 0, References: 2
CNNVD
added 2025/07/28 12:0 a.m., 2 views

PowerStick Wave Dual-Band Wifi Extender Security Vulnerability

PowerStick Wave Dual-Band Wifi Extender is a portable WiFi extender from PowerStick USA. A security vulnerability exists in version V1.0 of the PowerStick Wave Dual-Band Wifi Extender that originates from insufficient user input cleanup in the file /cgi-bin/cgivista.cgi, which could lead to remot...

CVSS: 8.8, AI score: 7.7, EPSS: 0.01861
Exploits: 0, References: 3
CNVD
added 2015/11/10 12:0 a.m., 2 views

IBM DataPower Gateways GatewayScript Module Information Disclosure Vulnerability

IBM DataPower Gateways is a suite of security and integration platforms from IBM USA designed specifically for mobile, cloud, application programming interfaces (APIs), web, service-oriented architecture (SOA), B2B, and cloud workloads, which protects, integrates, and optimizes access across channels...

CVSS: 2.6, AI score: 6.5, EPSS: 0.00212
Exploits: 0, References: 1
OSV
added 2008/03/04 11:44 p.m., 1 view

DEBIAN-CVE-2008-1111

mod_cgi in lighttpd 1.4.18 sends the source code of CGI scripts instead of a 500 error when a fork failure occurs, which might allow remote attackers to obtain sensitive information...

CVSS: 5, AI score: 7.1, EPSS: 0.00988
Exploits: 1, References: 1