Lucene search
K

4 matches found

CVE
CVE
added 2026/03/21 12:42 a.m.9 views

CVE-2026-32065

Summary (concrete): CVE-2026-32065 affects OpenClaw

6.5CVSS6.1AI score0.0029EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/03/21 12:42 a.m.27 views

CVE-2026-32065 OpenClaw < 2026.2.25 - Approval Identity Mismatch in system.run Command Execution

OpenClaw versions prior to 2026.2.25 contain an approval-integrity bypass vulnerability in system.run where rendered command text is used as approval identity while trimming argv token whitespace, but runtime execution uses raw argv. An attacker can craft a trailing-space executable token to...

5.7CVSS0.0029EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/03/21 12:42 a.m.2 views

CVE-2026-32065 OpenClaw < 2026.2.25 - Approval Identity Mismatch in system.run Command Execution

OpenClaw versions prior to 2026.2.25 contain an approval-integrity bypass vulnerability in system.run where rendered command text is used as approval identity while trimming argv token whitespace, but runtime execution uses raw argv. An attacker can craft a trailing-space executable token to...

5.7CVSS6.1AI score0.0029EPSS
Exploits0References3
OSV
OSV
added 2026/03/02 11:33 p.m.5 views

GHSA-HWPQ-RRPF-PGCQ OpenClaw: system.run approval identity mismatch could execute a different binary than displayed

Summary system.run approvals in OpenClaw used rendered command text as the approval identity while trimming argv token whitespace. Runtime execution still used raw argv. A crafted trailing-space executable token could therefore execute a different binary than what the approver saw. Affected...

5.7CVSS6.2AI score0.0029EPSS
Exploits0References5
Rows per page
Query Builder