Lucene search
K

13 matches found

RedhatCVE
RedhatCVE
added 2026/03/26 3:11 p.m.8 views

CVE-2026-29608

OpenClaw 2026.3.1 contains an approval integrity vulnerability in system.run node-host execution where argv rewriting changes command semantics. Attackers can place malicious local scripts in the working directory to execute unintended code despite operator approval of different command text...

6.7CVSS6.1AI score0.0013EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/24 12:30 a.m.9 views

EUVD-2026-14580

OpenClaw before 2026.3.2 contains a semantic drift vulnerability in node system.run approval hardening that rewrites wrapper command argv, allowing execution of unintended local scripts. Attackers who can influence wrapper argv and place malicious files in the approved working directory can execu...

5.4CVSS6.2AI score
Exploits0References4
NVD
NVD
added 2026/03/23 10:16 p.m.5 views

CVE-2026-32901

Rejected reason: This CVE ID has been rejected...

Exploits0
CVE
CVE
added 2026/03/23 9:36 p.m.9 views

CVE-2026-32901

Affected software: OpenClaw prior to version 2026.3.2. Vulnerability type: semantic drift in node system.run approval hardening that rewrites wrapper argv, enabling execution of unintended local scripts when an attacker can influence argv and place malicious files in the approved working director...

6.2AI score
Exploits0
Cvelist
Cvelist
added 2026/03/23 9:36 p.m.20 views

CVE-2026-32901

...

Exploits0
EUVD
EUVD
added 2026/03/19 3:30 a.m.5 views

EUVD-2026-13016

OpenClaw 2026.3.1 contains an approval integrity vulnerability in system.run node-host execution where argv rewriting changes command semantics. Attackers can place malicious local scripts in the working directory to execute unintended code despite operator approval of different command text...

6.7CVSS6.1AI score0.0013EPSS
Exploits0References4
OSV
OSV
added 2026/03/19 3:30 a.m.5 views

GHSA-G87J-GM7P-6VW2 Duplicate Advisory: OpenClaw's Node system.run approval hardening wrapper semantic drift can execute unintended local scripts

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-h3rm-6x7g-882f. This link is maintained to preserve external references. Original Description OpenClaw 2026.3.1 contains an approval integrity vulnerability in system.run node-host execution where argv rewriting...

6.7CVSS6AI score0.0013EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/03/19 3:30 a.m.9 views

Duplicate Advisory: OpenClaw's Node system.run approval hardening wrapper semantic drift can execute unintended local scripts

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-h3rm-6x7g-882f. This link is maintained to preserve external references. Original Description OpenClaw 2026.3.1 contains an approval integrity vulnerability in system.run node-host execution where argv rewriting...

6.7CVSS6AI score0.0013EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2026/03/19 2:16 a.m.5 views

CVE-2026-29608

OpenClaw 2026.3.1 contains an approval integrity vulnerability in system.run node-host execution where argv rewriting changes command semantics. Attackers can place malicious local scripts in the working directory to execute unintended code despite operator approval of different command text...

6.7CVSS6.2AI score
Exploits0References3
NVD
NVD
added 2026/03/19 2:16 a.m.11 views

CVE-2026-29608

OpenClaw 2026.3.1 contains an approval integrity vulnerability in system.run node-host execution where argv rewriting changes command semantics. Attackers can place malicious local scripts in the working directory to execute unintended code despite operator approval of different command text...

6.7CVSS0.0013EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/03/19 1:0 a.m.6 views

CVE-2026-29608

OpenClaw 2026.3.1 contains an approval integrity vulnerability in system.run node-host execution where argv rewriting changes command semantics. Attackers can place malicious local scripts in the working directory to execute unintended code despite operator approval of different command text...

6.7CVSS6.1AI score0.0013EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2026/03/19 1:0 a.m.16 views

CVE-2026-29608

OpenClaw 2026.3.1 contains an approval-integrity vulnerability in the system.run node-host path where argv rewriting changes the executed command. The issue allows an attacker to place a local script in the approved working directory and have it run instead of the text shown to the operator, desp...

6.7CVSS6.1AI score0.0013EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/03 12:0 a.m.11 views

PT-2026-26228

Summary In [email protected], node system.run approval-path hardening rewrote wrapper command argv in a way that changed execution semantics. A command shown/approved as a shell payload for example echo SAFE could execute a different local script when wrapper argv were rewritten. Affected Package...

6.7CVSS6.1AI score0.0013EPSS
Exploits0References9
Rows per page
Query Builder