CVE-2026-30874

OpenWrt Project is a Linux operating system targeting embedded devices. In versions prior to 24.10.6, a vulnerability in the hotplugcall function allows an attacker to bypass environment variable filtering and inject an arbitrary PATH variable, potentially leading to privilege escalation. The...

CVE-2026-32003

OpenClaw versions prior to 2026.2.22 contain an environment variable injection vulnerability in the system.run function that allows attackers to bypass command allowlist restrictions via SHELLOPTS and PS4 environment variables. An attacker who can invoke system.run with request-scoped environment...

GHSA-82GW-WQW6-R2CF Duplicate Advisory: Command Injection via unescaped environment assignments in Windows Scheduled Task script generation

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-pj5x-38rw-6fph. This link is maintained to preserve external references. Original Description OpenClaw versions prior to 2026.2.19 contain a command injection vulnerability in Windows Scheduled Task script...

Duplicate Advisory: Command Injection via unescaped environment assignments in Windows Scheduled Task script generation

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-pj5x-38rw-6fph. This link is maintained to preserve external references. Original Description OpenClaw versions prior to 2026.2.19 contain a command injection vulnerability in Windows Scheduled Task script...

CVE-2026-22176

OpenClaw versions prior to 2026.2.19 contain a command injection vulnerability in Windows Scheduled Task script generation where environment variables are written to gateway.cmd using unquoted set KEY=VALUE assignments, allowing shell metacharacters to break out of assignment context. Attackers c...

CVE-2026-22176

OpenClaw versions prior to 2026.2.19 contain a command injection vulnerability in Windows Scheduled Task script generation where environment variables are written to gateway.cmd using unquoted set KEY=VALUE assignments, allowing shell metacharacters to break out of assignment context. Attackers c...

CVE-2026-22176 OpenClaw < 2026.2.19 - Command Injection via Unescaped Environment Variables in Windows Scheduled Task Script Generation

OpenClaw versions prior to 2026.2.19 contain a command injection vulnerability in Windows Scheduled Task script generation where environment variables are written to gateway.cmd using unquoted set KEY=VALUE assignments, allowing shell metacharacters to break out of assignment context. Attackers c...

CVE-2026-22176

OpenClaw before version 2026.2.19 contains a command injection in Windows Scheduled Task script generation. The flaw stems from unquoted environment variable assignments written to gateway.cmd (e.g., set KEY=VALUE), allowing metacharacters like &, |, ^, %, or ! to break out of assignment and enab...

EUVD-2026-13005

OpenClaw versions prior to 2026.2.19 contain a command injection vulnerability in Windows Scheduled Task script generation where environment variables are written to gateway.cmd using unquoted set KEY=VALUE assignments, allowing shell metacharacters to break out of assignment context. Attackers c...

OpenClaw 操作系统命令注入漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.2.19 had a vulnerability related to operating system command injection. This vulnerability stemmed from command injection during the generation of Windows scheduled task scripts...

OpenClaw 操作系统命令注入漏洞

OpenClaw is an automation tool for executing system commands. A security vulnerability exists in the system.run function in versions of OpenClaw prior to 2026.2.22, which stems from not effectively filtering environment variables such as SHELLOPTS and PS4. An attacker can exploit this vulnerabili...

dynaconf Affected by Remote Code Execution (RCE) via Insecure Template Evaluation in @jinja Resolver

Summary Dynaconf is vulnerable to Server-Side Template Injection SSTI due to unsafe template evaluation in the @jinja resolver. When the jinja2 package is installed, Dynaconf evaluates template expressions embedded in configuration values without a sandboxed environment. If an attacker can...

GHSA-PXRR-HQ57-Q35P dynaconf Affected by Remote Code Execution (RCE) via Insecure Template Evaluation in @jinja Resolver

Summary Dynaconf is vulnerable to Server-Side Template Injection SSTI due to unsafe template evaluation in the @jinja resolver. When the jinja2 package is installed, Dynaconf evaluates template expressions embedded in configuration values without a sandboxed environment. If an attacker can...

CVE-2026-32608 Glances has a Command Injection via Process Names in Action Command Templates

Glances is an open-source system cross-platform monitoring tool. The Glances action system allows administrators to configure shell commands that execute when monitoring thresholds are exceeded. These commands support Mustache template variables e.g., name, key that are populated with runtime...

CVE-2026-22181

OpenClaw versions prior to 2026.3.2 contain a DNS pinning bypass vulnerability in strict URL fetch paths that allows attackers to circumvent SSRF guards when environment proxy variables are configured. When HTTPPROXY, HTTPSPROXY, or ALLPROXY environment variables are present, attacker-influenced...

CVE-2026-22177

OpenClaw versions prior to 2026.2.21 fail to filter dangerous process-control environment variables from config env.vars, allowing startup-time code execution. Attackers can inject variables like NODEOPTIONS or LD through configuration to execute arbitrary code in the OpenClaw gateway service...

CVE-2026-22177

OpenClaw versions prior to 2026.2.21 fail to filter dangerous process-control environment variables from config env.vars, allowing startup-time code execution. Attackers can inject variables like NODEOPTIONS or LD through configuration to execute arbitrary code in the OpenClaw gateway service...

CVE-2026-22181 OpenClaw < 2026.3.2 - DNS Pinning Bypass via Environment Proxy Configuration in web_fetch

OpenClaw versions prior to 2026.3.2 contain a DNS pinning bypass vulnerability in strict URL fetch paths that allows attackers to circumvent SSRF guards when environment proxy variables are configured. When HTTPPROXY, HTTPSPROXY, or ALLPROXY environment variables are present, attacker-influenced...

CVE-2026-22181

OpenClaw versions prior to 2026.3.2 contain a DNS pinning bypass vulnerability in strict URL fetch paths that allows attackers to circumvent SSRF guards when environment proxy variables are configured. When HTTPPROXY, HTTPSPROXY, or ALLPROXY environment variables are present, attacker-influenced...

CVE-2026-22177

OpenClaw is affected in versions prior to 2026.2.21. The vulnerability arises because the product does not filter dangerous process-control environment variables from config env.vars, enabling startup-time code execution. Attackers can inject variables such as NODE_OPTIONS or LD_* via configurati...