Lucene search
K

225 matches found

Github Security Blog
Github Security Blog
added 2026/03/21 3:31 a.m.8 views

Duplicate Advisory: OpenClaw: system.run approval identity mismatch could execute a different binary than displayed

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-hwpq-rrpf-pgcq. This link is maintained to preserve external references. Original Description OpenClaw versions prior to 2026.2.25 contain an approval-integrity bypass vulnerability in system.run where rendered...

6.5CVSS6AI score0.0029EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/21 3:31 a.m.7 views

Duplicate Advisory: OpenClaw Node system.run approval context-binding weakness in approval-enabled host=node flows

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-hjvp-qhm6-wrh2. This link is maintained to preserve external references. Original Description OpenClaw versions prior to 2026.2.26 contain an approval context-binding weakness in system.run execution flows with...

6.5CVSS5.9AI score0.00191EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2026/03/21 3:31 a.m.2 views

GHSA-3P2X-HJXJ-C7RV Duplicate Advisory: OpenClaw's system.run approval TOCTOU via mutable symlink cwd target on node host

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-mwcg-wfq3-4gjc. This link is maintained to preserve external references. Original Description OpenClaw versions prior to 2026.2.25 contain a time-of-check-time-of-use vulnerability in approval-bound system.run...

6.5CVSS6.2AI score0.00099EPSS
Exploits0References4
OSV
OSV
added 2026/03/21 3:31 a.m.1 views

GHSA-W6F4-3V35-QJHJ Duplicate Advisory: OpenClaw's system.run shell-wrapper positional argv carriers could execute hidden commands under misleading approval text

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-6rcp-vxwf-3mfp. This link is maintained to preserve external references. Original Description OpenClaw versions prior to 2026.2.24 contain a command injection vulnerability in the system.run shell-wrapper that...

6.4CVSS6AI score0.00911EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/03/21 3:31 a.m.6 views

Duplicate Advisory: OpenClaw's system.run approval TOCTOU via mutable symlink cwd target on node host

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-mwcg-wfq3-4gjc. This link is maintained to preserve external references. Original Description OpenClaw versions prior to 2026.2.25 contain a time-of-check-time-of-use vulnerability in approval-bound system.run...

7CVSS6.2AI score0.00099EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/21 3:31 a.m.10 views

Duplicate Advisory: OpenClaw's system.run shell-wrapper positional argv carriers could execute hidden commands under misleading approval text

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-6rcp-vxwf-3mfp. This link is maintained to preserve external references. Original Description OpenClaw versions prior to 2026.2.24 contain a command injection vulnerability in the system.run shell-wrapper that...

9.8CVSS6AI score0.00911EPSS
Exploits0References6Affected Software1
NVD
NVD
added 2026/03/21 1:17 a.m.4 views

CVE-2026-32043

OpenClaw versions prior to 2026.2.25 contain a time-of-check-time-of-use vulnerability in approval-bound system.run execution where the cwd parameter is validated at approval time but resolved at execution time. Attackers can retarget a symlinked cwd between approval and execution to bypass comma...

7CVSS0.00099EPSS
Exploits0References3
OSV
OSV
added 2026/03/21 12:42 a.m.4 views

CVE-2026-32065 OpenClaw < 2026.2.25 - Approval Identity Mismatch in system.run Command Execution

OpenClaw versions prior to 2026.2.25 contain an approval-integrity bypass vulnerability in system.run where rendered command text is used as approval identity while trimming argv token whitespace, but runtime execution uses raw argv. An attacker can craft a trailing-space executable token to...

5.7CVSS6.2AI score0.0029EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/03/21 12:42 a.m.3 views

CVE-2026-32065 OpenClaw < 2026.2.25 - Approval Identity Mismatch in system.run Command Execution

OpenClaw versions prior to 2026.2.25 contain an approval-integrity bypass vulnerability in system.run where rendered command text is used as approval identity while trimming argv token whitespace, but runtime execution uses raw argv. An attacker can craft a trailing-space executable token to...

5.7CVSS6.1AI score0.0029EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/03/21 12:42 a.m.5 views

CVE-2026-32065

OpenClaw versions prior to 2026.2.25 contain an approval-integrity bypass vulnerability in system.run where rendered command text is used as approval identity while trimming argv token whitespace, but runtime execution uses raw argv. An attacker can craft a trailing-space executable token to...

5.7CVSS6.1AI score0.0029EPSS
Exploits0References4
EUVD
EUVD
added 2026/03/21 12:42 a.m.8 views

EUVD-2026-13966

OpenClaw versions prior to 2026.2.25 contain an approval-integrity bypass vulnerability in system.run where rendered command text is used as approval identity while trimming argv token whitespace, but runtime execution uses raw argv. An attacker can craft a trailing-space executable token to...

5.7CVSS6.1AI score0.0029EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/03/21 12:42 a.m.29 views

CVE-2026-32065 OpenClaw < 2026.2.25 - Approval Identity Mismatch in system.run Command Execution

OpenClaw versions prior to 2026.2.25 contain an approval-integrity bypass vulnerability in system.run where rendered command text is used as approval identity while trimming argv token whitespace, but runtime execution uses raw argv. An attacker can craft a trailing-space executable token to...

5.7CVSS0.0029EPSS
Exploits0References3
CVE
CVE
added 2026/03/21 12:42 a.m.11 views

CVE-2026-32065

Summary (concrete): CVE-2026-32065 affects OpenClaw

6.5CVSS6.1AI score0.0029EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/03/21 12:42 a.m.26 views

CVE-2026-32058 OpenClaw < 2026.2.26 - Approval Context-Binding Weakness in system.run via host=node

OpenClaw versions prior to 2026.2.26 contain an approval context-binding weakness in system.run execution flows with host=node that allows reuse of previously approved requests with modified environment variables. Attackers with access to an approval id can exploit this by reusing an approval wit...

2.6CVSS0.00191EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/03/21 12:42 a.m.1 views

CVE-2026-32058 OpenClaw < 2026.2.26 - Approval Context-Binding Weakness in system.run via host=node

OpenClaw versions prior to 2026.2.26 contain an approval context-binding weakness in system.run execution flows with host=node that allows reuse of previously approved requests with modified environment variables. Attackers with access to an approval id can exploit this by reusing an approval wit...

2.6CVSS5.9AI score0.00191EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/03/21 12:42 a.m.5 views

CVE-2026-32058

OpenClaw versions prior to 2026.2.26 contain an approval context-binding weakness in system.run execution flows with host=node that allows reuse of previously approved requests with modified environment variables. Attackers with access to an approval id can exploit this by reusing an approval wit...

2.6CVSS5.9AI score0.00191EPSS
Exploits0References4
EUVD
EUVD
added 2026/03/21 12:42 a.m.5 views

EUVD-2026-13962

OpenClaw versions prior to 2026.2.26 contain an approval context-binding weakness in system.run execution flows with host=node that allows reuse of previously approved requests with modified environment variables. Attackers with access to an approval id can exploit this by reusing an approval wit...

2.6CVSS5.9AI score0.00191EPSS
Exploits0References3
OSV
OSV
added 2026/03/21 12:42 a.m.5 views

CVE-2026-32058 OpenClaw < 2026.2.26 - Approval Context-Binding Weakness in system.run via host=node

OpenClaw versions prior to 2026.2.26 contain an approval context-binding weakness in system.run execution flows with host=node that allows reuse of previously approved requests with modified environment variables. Attackers with access to an approval id can exploit this by reusing an approval wit...

2CVSS6.1AI score0.00191EPSS
Exploits0References5
CVE
CVE
added 2026/03/21 12:42 a.m.15 views

CVE-2026-32058

OpenClaw prior to 2026.2.26 contains an approval context-binding weakness in system.run flows with host=node that allows reuse of previously approved requests after environment variables are modified. Exploitation requires access to an approval id to reuse an approval with changed env input, bypa...

6.5CVSS5.9AI score0.00191EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/03/21 12:42 a.m.3 views

CVE-2026-32056 OpenClaw < 2026.2.22 - Remote Code Execution via Shell Startup Environment Variable Injection in system.run

OpenClaw versions prior to 2026.2.22 fail to sanitize shell startup environment variables HOME and ZDOTDIR in the system.run function, allowing attackers to bypass command allowlist protections. Remote attackers can inject malicious startup files such as .bashprofile or .zshenv to achieve arbitra...

7.7CVSS6.6AI score0.00559EPSS
Exploits0References5
Rows per page
Query Builder