Lucene search
K

7 matches found

CVE
CVE
added 2026/06/16 6:5 p.m.21 views

CVE-2026-53866

OpenClaw vulnerable before version 2026.5.12 due to an allowlist bypass in shell inline-command parsing. Affected: authenticated operators could cause unapproved commands to execute because a parser case omits the expected allowlist decision. The issue is tied to the shell inline-command handling...

8.1CVSS5.8AI score0.0026EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/06/12 9:56 p.m.28 views

CVE-2026-53822 OpenClaw < 2026.5.18 - Command Argument Modification via Shell Wrapper Between Approval and Execution

OpenClaw before 2026.5.18 contains a command injection vulnerability where shell wrapper argv could change between approval and execution. Attackers can rebuild command arguments after allowlist approval to execute unapproved command shapes, potentially bypassing security controls...

8.8CVSS0.00982EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.15 views

PT-2026-49026

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.5.18 Description Command injection occurs because the shell wrapper argv can be modified between the approval and execution phases. This allows attackers to rebuild command arguments after they have passed...

8.8CVSS6AI score0.00982EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2026/06/05 7:12 p.m.9 views

CVE-2026-44115

OpenClaw before 2026.4.22 contains an exec allowlist analysis vulnerability allowing shell expansion hiding in unquoted heredoc bodies. Attackers can bypass allowlist validation by embedding shell expansion tokens in heredoc bodies to execute unapproved commands at runtime...

8.8CVSS6AI score0.00362EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/06 7:49 p.m.6 views

CVE-2026-44115

OpenClaw before 2026.4.22 contains an exec allowlist analysis vulnerability allowing shell expansion hiding in unquoted heredoc bodies. Attackers can bypass allowlist validation by embedding shell expansion tokens in heredoc bodies to execute unapproved commands at runtime...

8.8CVSS5.9AI score0.00362EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/06 12:0 a.m.14 views

OpenClaw 安全漏洞

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from a security vulnerability that can be exploited by an attacker to bypass permission list validation by embedding shell extension tokens in heredoc bodies to execute unapproved commands at runtime...

8.8CVSS6.1AI score0.00362EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/05 9:59 p.m.5 views

CVE-2026-28391

OpenClaw versions prior to 2026.2.2 fail to properly validate Windows cmd.exe metacharacters in allowlist-gated exec requests non-default configuration, allowing attackers to bypass command approval restrictions. Remote attackers can craft command strings with shell metacharacters like & or %...%...

9.8CVSS5.9AI score0.00499EPSS
Exploits0References4
Rows per page
Query Builder