CVE-2026-29608 OpenClaw 2026.3.1 < 2026.3.2 - Approval Integrity Bypass via system.run argv Rewriting

OpenClaw 2026.3.1 contains an approval integrity vulnerability in system.run node-host execution where argv rewriting changes command semantics. Attackers can place malicious local scripts in the working directory to execute unintended code despite operator approval of different command text...

CVE-2026-29608

OpenClaw 2026.3.1 contains an approval-integrity vulnerability in the system.run node-host path where argv rewriting changes the executed command. The issue allows an attacker to place a local script in the approved working directory and have it run instead of the text shown to the operator, desp...

Time-of-check Time-of-use (TOCTOU) Race Condition

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Time-of-check Time-of-use TOCTOU Race Condition via the system.run process. An attacker can execute unintended local code as the runtime user by modifying an approved local script after...

OpenClaw's Node system.run approval hardening wrapper semantic drift can execute unintended local scripts

Summary In [email protected], node system.run approval-path hardening rewrote wrapper command argv in a way that changed execution semantics. A command shown/approved as a shell payload for example echo SAFE could execute a different local script when wrapper argv were rewritten. Affected Package...

Apache HTTP Server 安全漏洞

Apache HTTP Server is the United States Apache Apache Foundation of an open source web server . The server is fast, reliable and can be expanded through a simple API. An information disclosure vulnerability exists in Apache HTTP Server, which can be exploited by an attacker to obtain sensitive...

SUSE CVE-2008-3949

emacs/lisp/progmodes/python.el in Emacs 22.1 and 22.2 imports Python script from the current working directory during editing of a Python file, which allows local users to execute arbitrary code via a Trojan horse Python file...

Microsoft Windows: Script Execution

This policy setting lets you configure the script execution policy, controlling which scripts are allowed to run. If you enable this policy setting, the scripts selected in the drop-down list are allowed to run. The Copyright C 2018 Greenbone Networks GmbH Some text descriptions might be excerpte...

LittleSite 0.1 'file' Parameter Local File Include Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/43495/info LittleSite is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability to obtain potentially sensitive information and to...

Coppermine 1.4.4 Index.PHP Local File Include Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/17570/info Coppermine is prone to a local file-include vulnerability. This may allow unauthorized users to view files and to execute local scripts. Version 1.4.4 is vulnerable to this issue; other versions may also be...

Wrapper.PHP for OsCommerce Local File Include Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/24565/info Wrapper.php for OsCommerce is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. Exploiting this issue may allow an unauthorized user to view files and execut...

eFront 3.5.5 'langname' Parameter Local File Include Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/38787/info eFront is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability to obtain potentially sensitive information and execut...

WebIf OutConfig Parameter Local File Include Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/24516/info WebIf is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. Exploiting this issue may allow an unauthorized user to view files and execute local scripts...

Advanced Guestbook 2.4.2 Lang Cookie Parameter Local File Include Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/23876/info Advanced Guestbook is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. Exploiting this issue may allow an unauthorized user to view files and execute local...

Article Friendly 'filename' Parameter Local File Include Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/38461/info Article Friendly is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability to obtain potentially sensitive information...

artmedic webdesign weblog Multiple Local File Include Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/27797/info artmedic webdesign weblog is prone to multiple local file-include vulnerabilities because it fails to properly sanitize user-supplied input. Exploiting these issues may allow an attacker to access potentially...

PowerScripts PowerNews 2.5.6 'subpage' Parameter Multiple Local File Include Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/27688/info PowerScripts PowerNews is prone to multiple local file-include vulnerabilities because it fails to properly sanitize user-supplied input. Exploiting these issues may allow an attacker to access potentially...

Dalai Forum 1.1 Forumreply.PHP Local File Include Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/25361/info Dalai Forum is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. Exploiting this issue may allow an unauthorized user to view files and execute local scripts...

PHP Web Explorer 0.99b edit.php file Parameter Traversal Local File Inclusion

No description provided by source. source: http://www.securityfocus.com/bid/31595/info PHP Web Explorer is prone to multiple local file-include vulnerabilities because it fails to properly sanitize user-supplied input. An attacker can exploit these vulnerabilities using directory-traversal string...

PHP-Nuke 2.0 AutoHTML Module Local File Include Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/19525/info PHP-Nuke AutoHTML Module is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. A successful exploit may allow an attacker to execute arbitrary local scripts...

SQLiteManager 1.2 - Local File Include Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/22727/info SQLiteManager is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. Exploiting this issue may allow an unauthorized user to view files and execute local...