3 matches found
CVE-2026-53822
OpenClaw before 2026.5.18 contains a command injection vulnerability in which the shell wrapper argv can change between approval and execution. This allows an attacker to rebuild command arguments after allowlist approval to execute unapproved command shapes, potentially bypassing security contro...
CVE-2026-53822 OpenClaw < 2026.5.18 - Command Argument Modification via Shell Wrapper Between Approval and Execution
OpenClaw before 2026.5.18 contains a command injection vulnerability where shell wrapper argv could change between approval and execution. Attackers can rebuild command arguments after allowlist approval to execute unapproved command shapes, potentially bypassing security controls...
PT-2026-49026
Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.5.18 Description Command injection occurs because the shell wrapper argv can be modified between the approval and execution phases. This allows attackers to rebuild command arguments after they have passed...