278 matches found
GHSA-5GQG-MQH5-2V39 Duplicate Advisory: OpenClaw Windows Scheduled Task script generation allowed local command injection via unsafe cmd argument handling
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-mqr9-vqhq-3jxw. This link is maintained to preserve external references. Original Description OpenClaw versions prior to 2026.2.19 contain a local command injection vulnerability in Windows scheduled task script...
GHSA-82GW-WQW6-R2CF Duplicate Advisory: Command Injection via unescaped environment assignments in Windows Scheduled Task script generation
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-pj5x-38rw-6fph. This link is maintained to preserve external references. Original Description OpenClaw versions prior to 2026.2.19 contain a command injection vulnerability in Windows Scheduled Task script...
Duplicate Advisory: OpenClaw Windows Scheduled Task script generation allowed local command injection via unsafe cmd argument handling
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-mqr9-vqhq-3jxw. This link is maintained to preserve external references. Original Description OpenClaw versions prior to 2026.2.19 contain a local command injection vulnerability in Windows scheduled task script...
Duplicate Advisory: Command Injection via unescaped environment assignments in Windows Scheduled Task script generation
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-pj5x-38rw-6fph. This link is maintained to preserve external references. Original Description OpenClaw versions prior to 2026.2.19 contain a command injection vulnerability in Windows Scheduled Task script...
CVE-2026-31994
OpenClaw versions prior to 2026.2.19 contain a local command injection vulnerability in Windows scheduled task script generation due to unsafe handling of cmd metacharacters and expansion-sensitive characters in gateway.cmd files. Local attackers with control over service script generation...
CVE-2026-22176
OpenClaw versions prior to 2026.2.19 contain a command injection vulnerability in Windows Scheduled Task script generation where environment variables are written to gateway.cmd using unquoted set KEY=VALUE assignments, allowing shell metacharacters to break out of assignment context. Attackers c...
CVE-2026-31994 OpenClaw < 2026.2.19 - Local Command Injection via Unsafe cmd Argument Handling in Windows Scheduled Task Script Generation
OpenClaw versions prior to 2026.2.19 contain a local command injection vulnerability in Windows scheduled task script generation due to unsafe handling of cmd metacharacters and expansion-sensitive characters in gateway.cmd files. Local attackers with control over service script generation...
EUVD-2026-13027
OpenClaw versions prior to 2026.2.19 contain a local command injection vulnerability in Windows scheduled task script generation due to unsafe handling of cmd metacharacters and expansion-sensitive characters in gateway.cmd files. Local attackers with control over service script generation...
CVE-2026-31994
CVE-2026-31994 affects OpenClaw prior to 2026.2.19, where local command injection occurs in Windows scheduled task script generation due to unsafe handling of cmd metacharacters and expansion-sensitive characters in gateway.cmd files. A local attacker who controls service script generation argume...
CVE-2026-22176 OpenClaw < 2026.2.19 - Command Injection via Unescaped Environment Variables in Windows Scheduled Task Script Generation
OpenClaw versions prior to 2026.2.19 contain a command injection vulnerability in Windows Scheduled Task script generation where environment variables are written to gateway.cmd using unquoted set KEY=VALUE assignments, allowing shell metacharacters to break out of assignment context. Attackers c...
CVE-2026-22176
OpenClaw versions prior to 2026.2.19 contain a command injection vulnerability in Windows Scheduled Task script generation where environment variables are written to gateway.cmd using unquoted set KEY=VALUE assignments, allowing shell metacharacters to break out of assignment context. Attackers c...
CVE-2026-22176
OpenClaw vulnerable versions prior to 2026.2.19 expose a command-injection in Windows Scheduled Task script generation. The flaw arises when environment variables are written to gateway.cmd with unquoted set KEY=VALUE assignments, allowing metacharacters (e.g., &, |, ^, %, !) to break out of the ...
CVE-2026-22176 OpenClaw < 2026.2.19 - Command Injection via Unescaped Environment Variables in Windows Scheduled Task Script Generation
OpenClaw versions prior to 2026.2.19 contain a command injection vulnerability in Windows Scheduled Task script generation where environment variables are written to gateway.cmd using unquoted set KEY=VALUE assignments, allowing shell metacharacters to break out of assignment context. Attackers c...
EUVD-2026-13005
OpenClaw versions prior to 2026.2.19 contain a command injection vulnerability in Windows Scheduled Task script generation where environment variables are written to gateway.cmd using unquoted set KEY=VALUE assignments, allowing shell metacharacters to break out of assignment context. Attackers c...
CVE-2026-22176 OpenClaw < 2026.2.19 - Command Injection via Unescaped Environment Variables in Windows Scheduled Task Script Generation
OpenClaw versions prior to 2026.2.19 contain a command injection vulnerability in Windows Scheduled Task script generation where environment variables are written to gateway.cmd using unquoted set KEY=VALUE assignments, allowing shell metacharacters to break out of assignment context. Attackers c...
OpenClaw 操作系统命令注入漏洞
OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.2.19 had a vulnerability related to operating system command injection. This vulnerability stemmed from unsafe handling of the cmd metacharacters and extended sensitive characters...
OpenClaw 操作系统命令注入漏洞
OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.2.19 had a vulnerability related to operating system command injection. This vulnerability stemmed from command injection during the generation of Windows scheduled task scripts...
GHSA-XJGW-4WVW-RGM4 MCP Atlassian has an arbitrary file write leading to arbitrary code execution via unconstrained download_path in confluence_download_attachment
Summary The confluencedownloadattachment MCP tool accepts a downloadpath parameter that is written to without any directory boundary enforcement. An attacker who can call this tool and supply or access a Confluence attachment with malicious content can write arbitrary content to any path the serv...
OpenClaw has a Command Injection via unescaped environment assignments in Windows Scheduled Task script generation
Summary A command injection vulnerability existed in Windows Scheduled Task script generation for OpenClaw. Environment values were written into gateway.cmd using unquoted set KEY=VALUE, which allowed Windows shell metacharacters in config-provided environment variables to break out of assignment...
GHSA-MQR9-VQHQ-3JXW OpenClaw Windows Scheduled Task script generation allowed local command injection via unsafe cmd argument handling
Summary OpenClaw Windows Scheduled Task script generation allowed unsafe argument handling in generated gateway.cmd files. In vulnerable versions, cmd metacharacter-only values could be emitted without safe quoting/escaping, which could lead to unintended command execution when the scheduled task...