13 matches found
CVE-2026-29608
OpenClaw 2026.3.1 contains an approval integrity vulnerability in system.run node-host execution where argv rewriting changes command semantics. Attackers can place malicious local scripts in the working directory to execute unintended code despite operator approval of different command text...
EUVD-2026-14580
OpenClaw before 2026.3.2 contains a semantic drift vulnerability in node system.run approval hardening that rewrites wrapper command argv, allowing execution of unintended local scripts. Attackers who can influence wrapper argv and place malicious files in the approved working directory can execu...
CVE-2026-32901
Rejected reason: This CVE ID has been rejected...
CVE-2026-32901
Affected software: OpenClaw prior to version 2026.3.2. Vulnerability type: semantic drift in node system.run approval hardening that rewrites wrapper argv, enabling execution of unintended local scripts when an attacker can influence argv and place malicious files in the approved working director...
CVE-2026-32901
...
EUVD-2026-13016
OpenClaw 2026.3.1 contains an approval integrity vulnerability in system.run node-host execution where argv rewriting changes command semantics. Attackers can place malicious local scripts in the working directory to execute unintended code despite operator approval of different command text...
GHSA-G87J-GM7P-6VW2 Duplicate Advisory: OpenClaw's Node system.run approval hardening wrapper semantic drift can execute unintended local scripts
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-h3rm-6x7g-882f. This link is maintained to preserve external references. Original Description OpenClaw 2026.3.1 contains an approval integrity vulnerability in system.run node-host execution where argv rewriting...
Duplicate Advisory: OpenClaw's Node system.run approval hardening wrapper semantic drift can execute unintended local scripts
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-h3rm-6x7g-882f. This link is maintained to preserve external references. Original Description OpenClaw 2026.3.1 contains an approval integrity vulnerability in system.run node-host execution where argv rewriting...
CVE-2026-29608
OpenClaw 2026.3.1 contains an approval integrity vulnerability in system.run node-host execution where argv rewriting changes command semantics. Attackers can place malicious local scripts in the working directory to execute unintended code despite operator approval of different command text...
CVE-2026-29608
OpenClaw 2026.3.1 contains an approval integrity vulnerability in system.run node-host execution where argv rewriting changes command semantics. Attackers can place malicious local scripts in the working directory to execute unintended code despite operator approval of different command text...
CVE-2026-29608
OpenClaw 2026.3.1 contains an approval integrity vulnerability in system.run node-host execution where argv rewriting changes command semantics. Attackers can place malicious local scripts in the working directory to execute unintended code despite operator approval of different command text...
CVE-2026-29608
OpenClaw 2026.3.1 contains an approval-integrity vulnerability in the system.run node-host path where argv rewriting changes the executed command. The issue allows an attacker to place a local script in the approved working directory and have it run instead of the text shown to the operator, desp...
PT-2026-26228
Summary In [email protected], node system.run approval-path hardening rewrote wrapper command argv in a way that changed execution semantics. A command shown/approved as a shell payload for example echo SAFE could execute a different local script when wrapper argv were rewritten. Affected Package...