Lucene search
K

278 matches found

OSV
OSV
added 2026/03/19 3:30 a.m.5 views

GHSA-5GQG-MQH5-2V39 Duplicate Advisory: OpenClaw Windows Scheduled Task script generation allowed local command injection via unsafe cmd argument handling

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-mqr9-vqhq-3jxw. This link is maintained to preserve external references. Original Description OpenClaw versions prior to 2026.2.19 contain a local command injection vulnerability in Windows scheduled task script...

7.1CVSS6AI score0.00571EPSS
Exploits0References5
OSV
OSV
added 2026/03/19 3:30 a.m.5 views

GHSA-82GW-WQW6-R2CF Duplicate Advisory: Command Injection via unescaped environment assignments in Windows Scheduled Task script generation

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-pj5x-38rw-6fph. This link is maintained to preserve external references. Original Description OpenClaw versions prior to 2026.2.19 contain a command injection vulnerability in Windows Scheduled Task script...

6.9CVSS6.1AI score0.00637EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/03/19 3:30 a.m.4 views

Duplicate Advisory: OpenClaw Windows Scheduled Task script generation allowed local command injection via unsafe cmd argument handling

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-mqr9-vqhq-3jxw. This link is maintained to preserve external references. Original Description OpenClaw versions prior to 2026.2.19 contain a local command injection vulnerability in Windows scheduled task script...

7.8CVSS6AI score0.00571EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/19 3:30 a.m.12 views

Duplicate Advisory: Command Injection via unescaped environment assignments in Windows Scheduled Task script generation

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-pj5x-38rw-6fph. This link is maintained to preserve external references. Original Description OpenClaw versions prior to 2026.2.19 contain a command injection vulnerability in Windows Scheduled Task script...

7.8CVSS6AI score0.00637EPSS
Exploits0References5Affected Software1
NVD
NVD
added 2026/03/19 2:16 a.m.10 views

CVE-2026-31994

OpenClaw versions prior to 2026.2.19 contain a local command injection vulnerability in Windows scheduled task script generation due to unsafe handling of cmd metacharacters and expansion-sensitive characters in gateway.cmd files. Local attackers with control over service script generation...

7.8CVSS0.00571EPSS
Exploits0References3
NVD
NVD
added 2026/03/19 2:16 a.m.5 views

CVE-2026-22176

OpenClaw versions prior to 2026.2.19 contain a command injection vulnerability in Windows Scheduled Task script generation where environment variables are written to gateway.cmd using unquoted set KEY=VALUE assignments, allowing shell metacharacters to break out of assignment context. Attackers c...

7.8CVSS0.00637EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/03/19 1:0 a.m.3 views

CVE-2026-31994 OpenClaw < 2026.2.19 - Local Command Injection via Unsafe cmd Argument Handling in Windows Scheduled Task Script Generation

OpenClaw versions prior to 2026.2.19 contain a local command injection vulnerability in Windows scheduled task script generation due to unsafe handling of cmd metacharacters and expansion-sensitive characters in gateway.cmd files. Local attackers with control over service script generation...

7.1CVSS6.1AI score0.00571EPSS
Exploits0References3
EUVD
EUVD
added 2026/03/19 1:0 a.m.6 views

EUVD-2026-13027

OpenClaw versions prior to 2026.2.19 contain a local command injection vulnerability in Windows scheduled task script generation due to unsafe handling of cmd metacharacters and expansion-sensitive characters in gateway.cmd files. Local attackers with control over service script generation...

7.8CVSS6.1AI score0.00571EPSS
Exploits0References3
CVE
CVE
added 2026/03/19 1:0 a.m.23 views

CVE-2026-31994

CVE-2026-31994 affects OpenClaw prior to 2026.2.19, where local command injection occurs in Windows scheduled task script generation due to unsafe handling of cmd metacharacters and expansion-sensitive characters in gateway.cmd files. A local attacker who controls service script generation argume...

7.8CVSS6.1AI score0.00571EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/03/19 1:0 a.m.5 views

CVE-2026-22176 OpenClaw < 2026.2.19 - Command Injection via Unescaped Environment Variables in Windows Scheduled Task Script Generation

OpenClaw versions prior to 2026.2.19 contain a command injection vulnerability in Windows Scheduled Task script generation where environment variables are written to gateway.cmd using unquoted set KEY=VALUE assignments, allowing shell metacharacters to break out of assignment context. Attackers c...

6.9CVSS7.3AI score0.00637EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/03/19 1:0 a.m.3 views

CVE-2026-22176

OpenClaw versions prior to 2026.2.19 contain a command injection vulnerability in Windows Scheduled Task script generation where environment variables are written to gateway.cmd using unquoted set KEY=VALUE assignments, allowing shell metacharacters to break out of assignment context. Attackers c...

6.9CVSS6.1AI score0.00637EPSS
Exploits0References4
CVE
CVE
added 2026/03/19 1:0 a.m.37 views

CVE-2026-22176

OpenClaw vulnerable versions prior to 2026.2.19 expose a command-injection in Windows Scheduled Task script generation. The flaw arises when environment variables are written to gateway.cmd with unquoted set KEY=VALUE assignments, allowing metacharacters (e.g., &, |, ^, %, !) to break out of the ...

7.8CVSS6.1AI score0.00637EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/19 1:0 a.m.1 views

CVE-2026-22176 OpenClaw < 2026.2.19 - Command Injection via Unescaped Environment Variables in Windows Scheduled Task Script Generation

OpenClaw versions prior to 2026.2.19 contain a command injection vulnerability in Windows Scheduled Task script generation where environment variables are written to gateway.cmd using unquoted set KEY=VALUE assignments, allowing shell metacharacters to break out of assignment context. Attackers c...

6.9CVSS6.1AI score0.00637EPSS
Exploits0References3
EUVD
EUVD
added 2026/03/19 1:0 a.m.6 views

EUVD-2026-13005

OpenClaw versions prior to 2026.2.19 contain a command injection vulnerability in Windows Scheduled Task script generation where environment variables are written to gateway.cmd using unquoted set KEY=VALUE assignments, allowing shell metacharacters to break out of assignment context. Attackers c...

7.8CVSS6.1AI score0.00637EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/03/19 1:0 a.m.23 views

CVE-2026-22176 OpenClaw < 2026.2.19 - Command Injection via Unescaped Environment Variables in Windows Scheduled Task Script Generation

OpenClaw versions prior to 2026.2.19 contain a command injection vulnerability in Windows Scheduled Task script generation where environment variables are written to gateway.cmd using unquoted set KEY=VALUE assignments, allowing shell metacharacters to break out of assignment context. Attackers c...

6.9CVSS0.00637EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/03/19 12:0 a.m.11 views

OpenClaw 操作系统命令注入漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.2.19 had a vulnerability related to operating system command injection. This vulnerability stemmed from unsafe handling of the cmd metacharacters and extended sensitive characters...

7.8CVSS5.8AI score0.00571EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/03/19 12:0 a.m.10 views

OpenClaw 操作系统命令注入漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.2.19 had a vulnerability related to operating system command injection. This vulnerability stemmed from command injection during the generation of Windows scheduled task scripts...

7.8CVSS6AI score0.00637EPSS
Exploits0References3
OSV
OSV
added 2026/03/10 6:56 p.m.5 views

GHSA-XJGW-4WVW-RGM4 MCP Atlassian has an arbitrary file write leading to arbitrary code execution via unconstrained download_path in confluence_download_attachment

Summary The confluencedownloadattachment MCP tool accepts a downloadpath parameter that is written to without any directory boundary enforcement. An attacker who can call this tool and supply or access a Confluence attachment with malicious content can write arbitrary content to any path the serv...

9CVSS6.3AI score0.0226EPSS
Exploits1References3
Github Security Blog
Github Security Blog
added 2026/03/03 9:50 p.m.8 views

OpenClaw has a Command Injection via unescaped environment assignments in Windows Scheduled Task script generation

Summary A command injection vulnerability existed in Windows Scheduled Task script generation for OpenClaw. Environment values were written into gateway.cmd using unquoted set KEY=VALUE, which allowed Windows shell metacharacters in config-provided environment variables to break out of assignment...

7.8CVSS6AI score0.00637EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2026/03/03 9:37 p.m.3 views

GHSA-MQR9-VQHQ-3JXW OpenClaw Windows Scheduled Task script generation allowed local command injection via unsafe cmd argument handling

Summary OpenClaw Windows Scheduled Task script generation allowed unsafe argument handling in generated gateway.cmd files. In vulnerable versions, cmd metacharacter-only values could be emitted without safe quoting/escaping, which could lead to unintended command execution when the scheduled task...

8.5CVSS6.1AI score0.00571EPSS
Exploits0References5
Rows per page
Query Builder