35 matches found

EUVD
added 2026/04/28 6:9 p.m. | 0 views

EUVD-2026-26092

OpenClaw before 2026.4.2 contains an arbitrary directory deletion vulnerability in mirror mode that allows attackers to delete remote directories by influencing remoteWorkspaceDir and remoteAgentWorkspaceDir configuration values. Attackers can manipulate these OpenShell config paths to cause mirr...

CVSS: 8.1 | AI score: 5.7 | EPSS: 0.00058
Exploits: 0 | References: 3
CNNVD
added 2026/04/28 12:0 a.m. | 3 views

OpenClaw Path Traversal Vulnerability

OpenClaw is an open-source artificial intelligence assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.4.2 contained a path traversal vulnerability. This vulnerability stemmed from a directory deletion vulnerability in the mirror mode, allowing attackers to delete remote directorie...

CVSS: 8.1 | AI score: 5.8 | EPSS: 0.00058
Exploits: 0 | References: 1
EUVD
added 2026/04/24 12:31 a.m. | 1 views

EUVD-2026-25339

OpenShell before 2026.3.28 contains an arbitrary code execution vulnerability in mirror mode that converts untrusted sandbox files into workspace hooks. Attackers with mirror mode access can execute arbitrary code on the host during gateway startup by exploiting enabled workspace hooks...

CVSS: 7.3 | AI score: 6.5 | EPSS: 0.00014
Exploits: 0 | References: 4
OSV
added 2026/04/24 12:31 a.m. | 2 views

GHSA-M563-373Q-885C Duplicate Advisory: OpenClaw: OpenShell `mirror` mode can convert untrusted sandbox files into explicitly enabled workspace hooks and execute them on the host during gateway startup

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-42mx-vp8m-j7qh. This link is maintained to preserve external references. Original Description OpenShell before 2026.3.28 contains an arbitrary code execution vulnerability in mirror mode that converts untrusted...

CVSS: 7.3 | AI score: 6.5 | EPSS: 0.00014
Exploits: 0 | References: 4
Github Security Blog
added 2026/04/24 12:31 a.m. | 2 views

Duplicate Advisory: OpenClaw: OpenShell `mirror` mode can convert untrusted sandbox files into explicitly enabled workspace hooks and execute them on the host during gateway startup

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-42mx-vp8m-j7qh. This link is maintained to preserve external references. Original Description OpenShell before 2026.3.28 contains an arbitrary code execution vulnerability in mirror mode that converts untrusted...

CVSS: 7.3 | AI score: 6.5 | EPSS: 0.00014
Exploits: 0 | References: 5 | Affected Software: 1
NVD
added 2026/04/23 10:16 p.m. | 2 views

CVE-2026-41355

OpenClaw before 2026.3.28 contains an arbitrary code execution vulnerability in mirror mode that converts untrusted sandbox files into workspace hooks. Attackers with mirror mode access can execute arbitrary code on the host during gateway startup by exploiting enabled workspace hooks...

CVSS: 7.3 | EPSS: 0.00014
Exploits: 0 | References: 3
CVE
added 2026/04/23 9:58 p.m. | 9 views

CVE-2026-41355

OpenShell is affected by CVE-2026-41355 (pre-2026.3.28) where a vulnerability in mirror mode allows conversion of untrusted sandbox files into workspace hooks, enabling arbitrary code execution on the host at gateway startup when mirror-mode access is present. The issue stems from how workspace h...

CVSS: 7.3 | AI score: 6.5 | EPSS: 0.00014
Exploits: 0 | References: 3 | Affected Software: 1
Cvelist
added 2026/04/23 9:58 p.m. | 35 views

CVE-2026-41355 OpenClaw < 2026.3.28 - Arbitrary Code Execution via Mirror Mode Sandbox File Conversion

OpenClaw before 2026.3.28 contains an arbitrary code execution vulnerability in mirror mode that converts untrusted sandbox files into workspace hooks. Attackers with mirror mode access can execute arbitrary code on the host during gateway startup by exploiting enabled workspace hooks...

CVSS: 7.3 | EPSS: 0.00014
Exploits: 0 | References: 3
ATTACKERKB
added 2026/04/23 9:58 p.m. | 2 views

CVE-2026-41355

OpenClaw before 2026.3.28 contains an arbitrary code execution vulnerability in mirror mode that converts untrusted sandbox files into workspace hooks. Attackers with mirror mode access can execute arbitrary code on the host during gateway startup by exploiting enabled workspace hooks...

CVSS: 7.3 | AI score: 6.5 | EPSS: 0.00014
Exploits: 0 | References: 4
Github Security Blog
added 2026/04/07 6:11 p.m. | 3 views

OpenClaw: OpenShell `mirror` mode can convert untrusted sandbox files into explicitly enabled workspace hooks and execute them on the host during gateway startup

Summary OpenShell mirror mode can convert untrusted sandbox files into explicitly enabled workspace hooks and execute them on the host during gateway startup Current Maintainer Triage - Status: narrow - Normalized severity: medium - Assessment: Real on shipped = 2026.3.28 - First stable tag...

CVSS: 7.3 | AI score: 6 | EPSS: 0.00014
Exploits: 0 | References: 5 | Affected Software: 1
OSV
added 2026/04/07 6:11 p.m. | 2 views

GHSA-42MX-VP8M-J7QH OpenClaw: OpenShell `mirror` mode can convert untrusted sandbox files into explicitly enabled workspace hooks and execute them on the host during gateway startup

Summary OpenShell mirror mode can convert untrusted sandbox files into explicitly enabled workspace hooks and execute them on the host during gateway startup Current Maintainer Triage - Status: narrow - Normalized severity: medium - Assessment: Real on shipped = 2026.3.28 - First stable tag...

CVSS: 7.3 | AI score: 5.8 | EPSS: 0.00014
Exploits: 0 | References: 5
Positive Technologies
added 2026/04/07 12:0 a.m. | 1 views

PT-2026-34786

Name of the Vulnerable Software and Affected Versions OpenShell versions prior to 2026.3.28 Description An arbitrary code execution issue exists in mirror mode, which allows untrusted sandbox files to be converted into workspace hooks. Attackers with mirror mode access can execute arbitrary code ...

CVSS: 7.3 | AI score: 6.5 | EPSS: 0.00014
Exploits: 0 | References: 9
OSV
added 2026/04/03 2:49 a.m. | 1 views

GHSA-CWF8-44X6-32C2 OpenClaw: OpenShell Mirror Sync — Sandbox Escape via Unrestricted File Sync + Symlink Traversal

Summary OpenShell Mirror Sync: Sandbox Escape via Unrestricted File Sync + Symlink Traversal Current Maintainer Triage - Status: narrow - Normalized severity: high - Assessment: v2026.3.28 still has the mirror-boundary bug because shipped c02ee8 only excluded hooks while unreleased 3b9dab is the...

CVSS: 9.6 | AI score: 5.9 | EPSS: 0.00075
Exploits: 0 | References: 7
Github Security Blog
added 2026/04/03 2:49 a.m. | 2 views

OpenClaw: OpenShell Mirror Sync — Sandbox Escape via Unrestricted File Sync + Symlink Traversal

Summary OpenShell Mirror Sync: Sandbox Escape via Unrestricted File Sync + Symlink Traversal Current Maintainer Triage - Status: narrow - Normalized severity: high - Assessment: v2026.3.28 still has the mirror-boundary bug because shipped c02ee8 only excluded hooks while unreleased 3b9dab is the...

CVSS: 9.6 | AI score: 5.9 | EPSS: 0.00075
Exploits: 0 | References: 7 | Affected Software: 1
Trend Micro Simply Security
added 2026/03/16 12:0 a.m. | 2 views

Securing Autonomous AI Agents with TrendAI & NVIDIA OpenShell

Learn how TrendAI and NVIDIA OpenShell help secure autonomous AI agents and build trusted enterprise AI systems with stronger visibility and control...

AI score: 5.8
Exploits: 0