
9 matches found

RedhatCVE
added 2026/02/28 7:47 a.m. | 3 views

CVE-2026-28363

In OpenClaw before 2026.2.23, tools.exec.safeBins validation for sort could be bypassed via GNU long-option abbreviations such as --compress-prog in allowlist mode, leading to approval-free execution paths that were intended to require approval. Only an exact string such as --compress-program was...

CVSS 9.9 | AI score 6.1 | EPSS 0.00495
Exploits: 0 | References: 1

Github Security Blog
added 2026/02/27 6:31 a.m. | 5 views

OpenClaw is vulnerable to validation bypass through GNU long-option abbreviations in allowlist mode

In OpenClaw before 2026.2.23, tools.exec.safeBins validation for sort could be bypassed via GNU long-option abbreviations such as --compress-prog in allowlist mode, leading to approval-free execution paths that were intended to require approval. Only an exact string such as --compress-program was...

CVSS 9.9 | AI score 6.1 | EPSS 0.00495
Exploits: 0 | References: 5 | Affected Software: 1

OSV
added 2026/02/27 6:31 a.m. | 2 views

GHSA-7977-C43C-XPWJ OpenClaw is vulnerable to validation bypass through GNU long-option abbreviations in allowlist mode

In OpenClaw before 2026.2.23, tools.exec.safeBins validation for sort could be bypassed via GNU long-option abbreviations such as --compress-prog in allowlist mode, leading to approval-free execution paths that were intended to require approval. Only an exact string such as --compress-program was...

CVSS 9.9 | AI score 6.1 | EPSS 0.00495
Exploits: 0 | References: 5

NVD
added 2026/02/27 4:16 a.m. | 10 views

CVE-2026-28363

In OpenClaw before 2026.2.23, tools.exec.safeBins validation for sort could be bypassed via GNU long-option abbreviations such as --compress-prog in allowlist mode, leading to approval-free execution paths that were intended to require approval. Only an exact string such as --compress-program was...

CVSS 9.9 | EPSS 0.00495
Exploits: 0 | References: 1

OSV
added 2026/02/27 4:16 a.m. | 2 views

CVE-2026-28363

In OpenClaw before 2026.2.23, tools.exec.safeBins validation for sort could be bypassed via GNU long-option abbreviations such as --compress-prog in allowlist mode, leading to approval-free execution paths that were intended to require approval. Only an exact string such as --compress-program was...

CVSS 8.8 | AI score 6.1 | EPSS 0.00367
Exploits: 0 | References: 1

CVE
added 2026/02/27 3:17 a.m. | 19 views

CVE-2026-28363

OpenClaw prior to version 2026.2.23 contains a vulnerability in tools.exec.safeBins sort validation that can be bypassed using GNU long-option abbreviations (e.g., --compress-prog) when in allowlist mode. This leads to approval-free execution paths that were intended to require explicit approval,...

CVSS 9.9 | AI score 5.6 | EPSS 0.00495
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2026/02/27 3:17 a.m. | 20 views

CVE-2026-28363

In OpenClaw before 2026.2.23, tools.exec.safeBins validation for sort could be bypassed via GNU long-option abbreviations such as --compress-prog in allowlist mode, leading to approval-free execution paths that were intended to require approval. Only an exact string such as --compress-program was...

CVSS 9.9 | EPSS 0.00495
Exploits: 0 | References: 1

Vulnrichment
added 2026/02/27 3:17 a.m. | 3 views

CVE-2026-28363

In OpenClaw before 2026.2.23, tools.exec.safeBins validation for sort could be bypassed via GNU long-option abbreviations such as --compress-prog in allowlist mode, leading to approval-free execution paths that were intended to require approval. Only an exact string such as --compress-program was...

CVSS 9.9 | AI score 6.1 | EPSS 0.00495
Exploits: 0 | References: 1

Positive Technologies
added 2026/02/27 12:0 a.m. | 6 views

PT-2026-22291

Name of the Vulnerable Software and Affected Versions: OpenClaw versions prior to 2026.2.23. Description: The software contains a validation bypass in the tools.exec.safeBins logic for the sort command. This bypass occurs when using GNU long-option abbreviations such as --compress-prog in allowlist...

CVSS 9.9 | AI score 6.1 | EPSS 0.00495
Exploits: 0 | References: 18