Lucene search
K

5 matches found

Github Security Blog
Github Security Blog
added 2026/04/08 7:21 p.m.12 views

PraisonAI has Template Injection in Agent Tool Definitions

Summary Direct insertion of unescaped user input into template-rendering tools allows arbitrary code execution via specially crafted agent instructions. Details The createagentcentrictools function returns tools like acpcreatefile that process file content using template rendering. When user inpu...

8.8CVSS6.6AI score0.00558EPSS
Exploits1References4Affected Software1
NVD
NVD
added 2026/03/23 10:16 p.m.7 views

CVE-2026-32901

Rejected reason: This CVE ID has been rejected...

Exploits0
Positive Technologies
Positive Technologies
added 2026/03/23 12:0 a.m.7 views

PT-2026-27235

OpenClaw before 2026.3.2 contains a semantic drift vulnerability in node system.run approval hardening that rewrites wrapper command argv, allowing execution of unintended local scripts. Attackers who can influence wrapper argv and place malicious files in the approved working directory can execu...

6.7CVSS6.2AI score
Exploits0References5
OSV
OSV
added 2026/03/03 9:19 p.m.8 views

GHSA-H3RM-6X7G-882F OpenClaw's Node system.run approval hardening wrapper semantic drift can execute unintended local scripts

Summary In [email protected], node system.run approval-path hardening rewrote wrapper command argv in a way that changed execution semantics. A command shown/approved as a shell payload for example echo SAFE could execute a different local script when wrapper argv were rewritten. Affected Package...

6.7CVSS6.1AI score0.0013EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/03/03 9:19 p.m.27 views

OpenClaw's Node system.run approval hardening wrapper semantic drift can execute unintended local scripts

Summary In [email protected], node system.run approval-path hardening rewrote wrapper command argv in a way that changed execution semantics. A command shown/approved as a shell payload for example echo SAFE could execute a different local script when wrapper argv were rewritten. Affected Package...

6.7CVSS6.1AI score0.0013EPSS
Exploits0References5Affected Software1
Rows per page
Query Builder