12893 matches found
CVE-2026-31992
OpenClaw versions prior to 2026.2.23 contain an allowlist bypass vulnerability in system.run guardrails that allows authenticated operators to execute unintended commands. When /usr/bin/env is allowlisted, attackers can use env -S to bypass policy analysis and execute shell wrapper payloads at...
CVE-2026-27566
OpenClaw versions prior to 2026.2.22 contain an allowlist bypass vulnerability in system.run exec analysis that fails to unwrap env and shell-dispatch wrapper chains. Attackers can route execution through wrapper binaries like env bash to smuggle payloads that satisfy allowlist entries while...
CVE-2026-27566 OpenClaw < 2026.2.22 - Allowlist Bypass via Wrapper Binary Unwrapping in system.run
OpenClaw versions prior to 2026.2.22 contain an allowlist bypass vulnerability in system.run exec analysis that fails to unwrap env and shell-dispatch wrapper chains. Attackers can route execution through wrapper binaries like env bash to smuggle payloads that satisfy allowlist entries while...
EUVD-2026-13007
OpenClaw versions prior to 2026.2.22 contain an allowlist bypass vulnerability in system.run exec analysis that fails to unwrap env and shell-dispatch wrapper chains. Attackers can route execution through wrapper binaries like env bash to smuggle payloads that satisfy allowlist entries while...
OpenClaw 操作系统命令注入漏洞
OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.2.22 had a vulnerability related to operating system command injection. This vulnerability stemmed from a bypass of the allowed list in the system.run exec analysis, allowing...
Cross-Ecosystem Vulnerability Analysis for Python Applications
Python applications depend on native libraries that may be vendored within package distributions or installed on the host system. When vulnerabilities are discovered in these libraries, determining which Python packages are affected requires cross-ecosystem analysis spanning Python dependency...
PT-2026-26232
OpenClaw versions prior to 2026.2.23 contain an allowlist bypass vulnerability in system.run guardrails that allows authenticated operators to execute unintended commands. When /usr/bin/env is allowlisted, attackers can use env -S to bypass policy analysis and execute shell wrapper payloads at...
Security Awareness in LLM Agents: The NDAI Zone Case
NDAI zones let inventor and investor agents negotiate inside a Trusted Execution Environment TEE where any disclosed information is deleted if no deal is reached. This makes full IP disclosure the rational strategy for the inventor's agent. Leveraging this infrastructure, however, requires agents...
Exploit for Incorrect Default Permissions in Amazon Amplify_Cli
skycenter Attack Chain Security Analysis Engine for AWS, Azure...
Timing Attack
Overview org.webjars.npm:h3 is a Minimal HTTP framework built for high performance and portability. Affected versions of this package are vulnerable to Timing Attack via the requireBasicAuth function. An attacker can recover valid authentication credentials by measuring response times and deducin...
Malicious code in prometheus-quicker-analysis (PyPI)
--- -= Per source details. Do not edit below this line.=-...
MAL-2026-1910 Malicious code in prometheus-quick-analysis (PyPI)
--- -= Per source details. Do not edit below this line.=-...
Malicious code in prometheus-quick-analysis (PyPI)
--- -= Per source details. Do not edit below this line.=-...
MAL-2026-1911 Malicious code in prometheus-quicker-analysis (PyPI)
--- -= Per source details. Do not edit below this line.=-...
Malicious code in prometheus-fast-analysis (PyPI)
--- -= Per source details. Do not edit below this line.=-...
MAL-2026-1909 Malicious code in prometheus-fast-analysis (PyPI)
--- -= Per source details. Do not edit below this line.=-...
Malicious code in prometheus-analysis-1 (PyPI)
--- -= Per source details. Do not edit below this line.=-...
MAL-2026-1908 Malicious code in prometheus-analysis-1 (PyPI)
--- -= Per source details. Do not edit below this line.=-...
MAL-2026-1907 Malicious code in prometheus-analysis (PyPI)
--- -= Per source details. Do not edit below this line.=-...
Malicious code in prometheus-analysis (PyPI)
--- -= Per source details. Do not edit below this line.=-...