2 matches found
Incomplete List of Disallowed Inputs
Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Incomplete List of Disallowed Inputs via the PowerShell encoded-command handling process. An attacker can execute arbitrary commands by leveraging unrecognized encoded-command alias forms...
CVE-2026-53836 OpenClaw < 2026.5.12 - Allowlist Bypass via PowerShell Encoded-Command Aliases
OpenClaw before 2026.5.12 contains an allowlist bypass vulnerability in PowerShell encoded-command handling that allows attackers to execute encoded commands using abbreviated flag aliases not recognized by the allowlist parser. Remote authenticated operators can bypass execution allowlist checks...