Lucene search
K

225 matches found

NVD
NVD
added 2026/03/23 10:16 p.m.6 views

CVE-2026-32910

Rejected reason: This CVE ID has been rejected...

Exploits0
NVD
NVD
added 2026/03/23 10:16 p.m.6 views

CVE-2026-32901

Rejected reason: This CVE ID has been rejected...

Exploits0
NVD
NVD
added 2026/03/23 10:16 p.m.3 views

CVE-2026-32047

Rejected reason: This CVE ID has been rejected...

Exploits0
NVD
NVD
added 2026/03/23 10:16 p.m.4 views

CVE-2026-27183

OpenClaw versions prior to 2026.3.7 contain a shell approval gating bypass vulnerability in system.run dispatch-wrapper handling that allows attackers to skip shell wrapper approval requirements. The approval classifier and execution planner apply different depth-boundary rules, permitting exactl...

5.3CVSS0.00108EPSS
Exploits0References3
NVD
NVD
added 2026/03/23 10:16 p.m.4 views

CVE-2026-28455

Rejected reason: This CVE ID has been rejected...

Exploits0
Cvelist
Cvelist
added 2026/03/23 9:36 p.m.23 views

CVE-2026-32910

...

Exploits0
CVE
CVE
added 2026/03/23 9:36 p.m.8 views

CVE-2026-32910

CVE-2026-32910 affects OpenClaw prior to 2026.3.1. The vulnerability is an approval bypass in the system.run flow where non-path-like argv[0] tokens fail to bind executable identity, allowing post-approval executable rebind. Practically, an attacker can modify PATH resolution after approval to ex...

5.9AI score
Exploits0
Cvelist
Cvelist
added 2026/03/23 9:36 p.m.23 views

CVE-2026-32047

...

Exploits0
CVE
CVE
added 2026/03/23 9:36 p.m.8 views

CVE-2026-32047

OpenClaw before 2026.2.22 is affected by an allowlist bypass in system.run . Attackers can bypass shell-wrapper analysis by injecting $\ followed by a newline and ( inside double quotes, folding the payload into $(...) to execute arbitrary subcommands. This is a local, low-complexity issue with l...

6.1AI score
Exploits0
EUVD
EUVD
added 2026/03/23 9:35 p.m.9 views

EUVD-2026-14555

OpenClaw versions prior to 2026.3.7 contain a shell approval gating bypass vulnerability in system.run dispatch-wrapper handling that allows attackers to skip shell wrapper approval requirements. The approval classifier and execution planner apply different depth-boundary rules, permitting exactl...

4.5CVSS6AI score0.00108EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/03/23 12:0 a.m.7 views

PT-2026-27234

OpenClaw before 2026.2.22 contains an authorization bypass vulnerability in allowlist mode where allow-always persistence at wrapper-level enables approval-bypass execution of different payloads. Attackers can approve benign wrapped system.run commands to broaden trust boundaries and execute...

6.4CVSS6.2AI score
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/03/23 12:0 a.m.5 views

PT-2026-27224

OpenClaw before 2026.2.22 contains an allowlist bypass vulnerability in system.run exec analysis that fails to unwrap env and shell-dispatch wrapper chains. Attackers can route execution through wrapper binaries like env bash to smuggle payloads and bypass intended allowlist restrictions...

5.8CVSS6AI score
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/03/23 12:0 a.m.3 views

PT-2026-27227

OpenClaw before 2026.2.22 contains an allowlist bypass vulnerability in system.run that allows attackers to execute non-allowlisted commands by splitting command substitution using shell line-continuation. Attackers can bypass shell-wrapper analysis by injecting $ followed by newline and inside...

5.8CVSS6.1AI score
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/03/23 12:0 a.m.5 views

PT-2026-27242

OpenClaw before 2026.3.1 contains an approval bypass vulnerability in system.run where non-path-like argv0 tokens fail to bind executable identity, allowing post-approval executable rebind. Attackers can modify PATH resolution after approval to execute a different binary than the operator approve...

7.3CVSS5.9AI score
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/03/23 12:0 a.m.6 views

PT-2026-27235

OpenClaw before 2026.3.2 contains a semantic drift vulnerability in node system.run approval hardening that rewrites wrapper command argv, allowing execution of unintended local scripts. Attackers who can influence wrapper argv and place malicious files in the approved working directory can execu...

6.7CVSS6.2AI score
Exploits0References5
OSV
OSV
added 2026/03/21 3:31 a.m.6 views

GHSA-MXMG-3P7M-2GHR Duplicate Advisory: OpenClaw: system.run approval identity mismatch could execute a different binary than displayed

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-hwpq-rrpf-pgcq. This link is maintained to preserve external references. Original Description OpenClaw versions prior to 2026.2.25 contain an approval-integrity bypass vulnerability in system.run where rendered...

5.7CVSS6AI score0.0029EPSS
Exploits0References4
OSV
OSV
added 2026/03/21 3:31 a.m.3 views

GHSA-RJ39-33V7-9XRQ Duplicate Advisory: OpenClaw's shell startup env injection bypasses system.run allowlist intent (RCE class)

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-xgf2-vxv2-rrmg. This link is maintained to preserve external references. Original Description OpenClaw versions prior to 2026.2.22 fail to sanitize shell startup environment variables HOME and ZDOTDIR in the...

7.7CVSS6.4AI score0.00559EPSS
Exploits0References4
OSV
OSV
added 2026/03/21 3:31 a.m.3 views

GHSA-CJQ8-M7WJ-XMQ9 Duplicate Advisory: OpenClaw Node system.run approval context-binding weakness in approval-enabled host=node flows

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-hjvp-qhm6-wrh2. This link is maintained to preserve external references. Original Description OpenClaw versions prior to 2026.2.26 contain an approval context-binding weakness in system.run execution flows with...

2.6CVSS5.9AI score0.00191EPSS
Exploits0References4
EUVD
EUVD
added 2026/03/21 3:31 a.m.3 views

EUVD-2026-13958

OpenClaw versions prior to 2026.2.22 fail to sanitize shell startup environment variables HOME and ZDOTDIR in the system.run function, allowing attackers to bypass command allowlist protections. Remote attackers can inject malicious startup files such as .bashprofile or .zshenv to achieve arbitra...

7.7CVSS6.5AI score0.00559EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/03/21 3:31 a.m.8 views

Duplicate Advisory: OpenClaw: system.run approval identity mismatch could execute a different binary than displayed

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-hwpq-rrpf-pgcq. This link is maintained to preserve external references. Original Description OpenClaw versions prior to 2026.2.25 contain an approval-integrity bypass vulnerability in system.run where rendered...

6.5CVSS6AI score0.0029EPSS
Exploits0References5Affected Software1
Rows per page
Query Builder