Lucene search
+L

6 matches found

NVD
NVD
added 2026/03/19 10:16 p.m.11 views

CVE-2026-32010

OpenClaw versions prior to 2026.2.22 contain an allowlist bypass vulnerability in the safe-bin configuration when sort is manually added to tools.exec.safeBins. Attackers can invoke sort with the --compress-program flag to execute arbitrary external programs without operator approval in allowlist...

8.8CVSS0.00286EPSS
Exploits0References3
EUVD
EUVD
added 2026/03/19 10:6 p.m.14 views

EUVD-2026-13271

OpenClaw versions prior to 2026.2.22 contain an allowlist bypass vulnerability in the safe-bin configuration when sort is manually added to tools.exec.safeBins. Attackers can invoke sort with the --compress-program flag to execute arbitrary external programs without operator approval in allowlist...

6.3CVSS6AI score0.00286EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/03/19 10:6 p.m.26 views

CVE-2026-32010 OpenClaw < 2026.2.22 - Allowlist Bypass via sort --compress-program Parameter

OpenClaw versions prior to 2026.2.22 contain an allowlist bypass vulnerability in the safe-bin configuration when sort is manually added to tools.exec.safeBins. Attackers can invoke sort with the --compress-program flag to execute arbitrary external programs without operator approval in allowlist...

6.3CVSS0.00286EPSS
Exploits0References3
Snyk
Snyk
added 2026/03/03 7:16 p.m.5 views

Incorrect Authorization

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Incorrect Authorization through a mismatch in wrapper-depth parsing in system.run. An attacker can bypass approval gating by crafting nested transparent dispatch wrappers, allowing...

8.8CVSS5.9AI score0.00276EPSS
Exploits0References2
OSV
OSV
added 2026/03/03 7:16 p.m.7 views

GHSA-CCG8-46R6-9QGJ OpenClaw's dispatch-wrapper depth-cap mismatch can bypass shell-wrapper approval gating in system.run allowlist mode

Summary A wrapper-depth parsing mismatch in system.run allowed nested transparent dispatch wrappers for example repeated /usr/bin/env to suppress shell-wrapper detection while still matching allowlist resolution. In security=allowlist + ask=on-miss, this could bypass the expected approval prompt...

8.8CVSS6AI score0.00276EPSS
Exploits0References5
OSV
OSV
added 2026/03/02 10:17 p.m.5 views

GHSA-5F9P-F3W2-FWCH OpenClaw macOS companion app (beta): allowlist parsing mismatch for system.run shell chains

Summary In the macOS companion app currently beta, a parsing mismatch in exec approvals could let shell-chain payloads pass allowlist checks in system.run under specific settings. Impact This path requires all of the following: - authenticated caller with operator.write - paired macOS beta node...

2.3CVSS6AI score0.00291EPSS
Exploits0References6
Rows per page
Query Builder