Lucene search
K

8 matches found

RedhatCVE
RedhatCVE
added 2026/03/26 3:6 p.m.4 views

CVE-2026-4039

A vulnerability was determined in OpenClaw 2026.2.19-2. This vulnerability affects the function applySkillConfigenvOverrides of the component Skill Env Handler. Executing a manipulation can lead to code injection. It is possible to launch the attack remotely. Upgrading to version 2026.2.21-beta.1...

8.8CVSS6.2AI score0.00316EPSS
Exploits0References1
OSV
OSV
added 2026/03/12 12:30 p.m.3 views

GHSA-WGX8-R9VW-2W4H Duplicate Advisory: OpenClaw: Skill env override host env injection via applySkillConfigEnvOverrides (defense-in-depth)

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-82g8-464f-2mv7. This link is maintained to preserve external references. Original Description A vulnerability was determined in OpenClaw 2026.2.19-2. This vulnerability affects the function...

6.3CVSS5.6AI score0.00316EPSS
Exploits0References8
NVD
NVD
added 2026/03/12 12:15 p.m.6 views

CVE-2026-4039

A vulnerability was determined in OpenClaw 2026.2.19-2. This vulnerability affects the function applySkillConfigenvOverrides of the component Skill Env Handler. Executing a manipulation can lead to code injection. It is possible to launch the attack remotely. Upgrading to version 2026.2.21-beta.1...

8.8CVSS0.00316EPSS
Exploits0References7
Snyk
Snyk
added 2026/03/03 10:25 p.m.4 views

Execution with Unnecessary Privileges

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Execution with Unnecessary Privileges due to the absence of a USER directive in the Dockerfiles, causing all processes to run as root. An attacker can gain root privileges within the...

8.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/03/03 10:9 p.m.1 views

Command Injection

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Command Injection via the process when attacker-controlled environment variables are admitted and inherited by host command execution paths. An attacker can execute arbitrary commands by...

7.3CVSS6.1AI score
Exploits0References3
Snyk
Snyk
added 2026/03/03 9:37 p.m.2 views

Files or Directories Accessible to External Parties

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Files or Directories Accessible to External Parties via the assertBrowserNavigationAllowed function. An attacker who has authenticated access to a gateway with browser tooling enabled can...

7.1CVSS5.8AI score0.00403EPSS
Exploits1References2
Snyk
Snyk
added 2026/03/03 7:9 p.m.3 views

Incomplete List of Disallowed Inputs

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Incomplete List of Disallowed Inputs via tools.exec.safeBins. An attacker can access sensitive files from the working directory by supplying a pattern input through the -e or --regexp fla...

6.5CVSS5.8AI score0.00259EPSS
Exploits0References2
Snyk
Snyk
added 2026/02/23 10:13 p.m.3 views

Command Injection

Overview yt-dlp is an A youtube-dl fork with additional features and patches Affected versions of this package are vulnerable to Command Injection in the --netrc-cmd option and netrccmd API parameter, which invoke subprocess.Popen with shell=True. The GetCourseRuIE, TeachableIE, and...

8.8CVSS6.2AI score0.01596EPSS
Exploits2References2
Rows per page
Query Builder