OpenClaw < 2026.1.20 Command Injection (GHSA-g55j-c2v4-pjcg)
The version of the OpenClaw AI assistant installed on the remote host is prior to 2026.1.20. It is, therefore, affected by a command injection vulnerability: - An unauthenticated local client could use the Gateway WebSocket API to write config via config.apply and set unsafe cliPath values that...