
5 matches found

RedhatCVE
added 2026/03/26 3:6 p.m. | 3 views

CVE-2026-4040

A vulnerability was identified in OpenClaw up to 2026.2.17. This issue affects the function tools.exec.safeBins of the component File Existence Handler. The manipulation leads to information exposure through discrepancy. The attack needs to be performed locally. Upgrading to version...

CVSS 5.5 | AI score 5.1 | EPSS 0.00133
Exploits: 0 | References: 1
OSV
added 2026/03/12 12:15 p.m. | 6 views

CVE-2026-4040

A vulnerability was identified in OpenClaw up to 2026.2.17. This issue affects the function tools.exec.safeBins of the component File Existence Handler. The manipulation leads to information exposure through discrepancy. The attack needs to be performed locally. Upgrading to version...

CVSS 5.5 | AI score 5.2
Exploits: 0 | References: 7
CVE
added 2026/03/12 12:2 p.m. | 14 views

CVE-2026-4040

OpenClaw (up to 2026.2.17) contains a local-information-exposure vulnerability in the File Existence Handler, specifically in tools.exec.safeBins. Attack requires local access and can disclose partial information. A fix is available in 2026.2.19-beta.1 (patch id bafdbb6f112409a65decd3d4e7350fbd63...

CVSS 5.5 | AI score 5.3 | EPSS 0.00133
Exploits: 0 | References: 7 | Affected Software: 1
Github Security Blog
added 2026/03/03 9:48 p.m. | 12 views

OpenClaw exec allowlist safeBins short-option bypass could permit arbitrary file write

Summary: OpenClaw exec allowlist/safeBins policy could be bypassed with attached short-option payloads, for example sort -o/tmp/poc, enabling file-write operations while still satisfying safeBins checks. Affected Packages / Versions - Package: openclaw npm - Affected versions: = 2026.2.17 - Latest...

CVSS 7.1 | AI score 5.9 | EPSS 0.00258
Exploits: 0 | References: 7 | Affected Software: 1
OSV
added 2026/03/03 6:9 p.m. | 6 views

GHSA-7FCC-CW49-XM78 OpenClaw has command injection via Windows shell fallback in Lobster tool execution

Summary: The Lobster extension tool execution path used a Windows shell fallback (shell: true) after spawn failures (EINVAL/ENOENT). In that fallback path, shell metacharacters in command arguments can be interpreted by the shell, enabling command injection. Affected Packages / Versions - Package:...

CVSS 8.6 | AI score 6.1 | EPSS 0.00618
Exploits: 0 | References: 3