Lucene search
K

75 matches found

RedhatCVE
RedhatCVE
added 2026/03/26 2:57 p.m.5 views

CVE-2026-22168

OpenClaw versions prior to 2026.2.21 contain an approval-integrity mismatch vulnerability in system.run that allows authenticated operators to execute arbitrary trailing arguments after cmd.exe /c while approval text reflects only a benign command. Attackers can smuggle malicious arguments throug...

8.8CVSS6.3AI score0.00406EPSS
Exploits0References1
OSV
OSV
added 2026/03/19 3:30 a.m.5 views

GHSA-X742-88JJ-7HV9 Duplicate Advisory: allowlist exec-guard bypass via env -S

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-48wf-g7cp-gr3m. This link is maintained to preserve external references. Original Description OpenClaw versions prior to 2026.2.23 contain an allowlist bypass vulnerability in system.run guardrails that allows...

7.1CVSS5.8AI score0.00339EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/03/19 3:30 a.m.8 views

Duplicate Advisory: allowlist exec-guard bypass via env -S

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-48wf-g7cp-gr3m. This link is maintained to preserve external references. Original Description OpenClaw versions prior to 2026.2.23 contain an allowlist bypass vulnerability in system.run guardrails that allows...

8.8CVSS5.8AI score0.00339EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2026/03/19 3:30 a.m.3 views

GHSA-5326-6F73-M96W Duplicate Advisory: OpenClaw macOS companion app (beta): allowlist parsing mismatch for system.run shell chains

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-5f9p-f3w2-fwch. This link is maintained to preserve external references. Original Description OpenClaw versions prior to 2026.2.22 contain an allowlist parsing mismatch vulnerability in the macOS companion app...

5.6CVSS6AI score0.00291EPSS
Exploits0References5
NVD
NVD
added 2026/03/19 2:16 a.m.6 views

CVE-2026-31992

OpenClaw versions prior to 2026.2.23 contain an allowlist bypass vulnerability in system.run guardrails that allows authenticated operators to execute unintended commands. When /usr/bin/env is allowlisted, attackers can use env -S to bypass policy analysis and execute shell wrapper payloads at...

8.8CVSS0.00339EPSS
Exploits0References4
NVD
NVD
added 2026/03/19 2:16 a.m.4 views

CVE-2026-31993

OpenClaw versions prior to 2026.2.22 contain an allowlist parsing mismatch vulnerability in the macOS companion app that allows authenticated operators to bypass exec approval checks. Attackers with operator.write privileges and a paired macOS beta node can craft shell-chain payloads that pass...

6.4CVSS0.00291EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/03/19 1:0 a.m.3 views

CVE-2026-31993 OpenClaw < 2026.2.22 - Allowlist Parsing Mismatch in system.run Shell Chains

OpenClaw versions prior to 2026.2.22 contain an allowlist parsing mismatch vulnerability in the macOS companion app that allows authenticated operators to bypass exec approval checks. Attackers with operator.write privileges and a paired macOS beta node can craft shell-chain payloads that pass...

5.6CVSS6.1AI score0.00291EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/03/19 1:0 a.m.3 views

CVE-2026-31993

OpenClaw versions prior to 2026.2.22 contain an allowlist parsing mismatch vulnerability in the macOS companion app that allows authenticated operators to bypass exec approval checks. Attackers with operator.write privileges and a paired macOS beta node can craft shell-chain payloads that pass...

5.6CVSS6.1AI score0.00291EPSS
Exploits0References5
EUVD
EUVD
added 2026/03/19 1:0 a.m.7 views

EUVD-2026-13025

OpenClaw versions prior to 2026.2.22 contain an allowlist parsing mismatch vulnerability in the macOS companion app that allows authenticated operators to bypass exec approval checks. Attackers with operator.write privileges and a paired macOS beta node can craft shell-chain payloads that pass...

6.4CVSS6.1AI score0.00291EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/03/19 1:0 a.m.25 views

CVE-2026-31993 OpenClaw < 2026.2.22 - Allowlist Parsing Mismatch in system.run Shell Chains

OpenClaw versions prior to 2026.2.22 contain an allowlist parsing mismatch vulnerability in the macOS companion app that allows authenticated operators to bypass exec approval checks. Attackers with operator.write privileges and a paired macOS beta node can craft shell-chain payloads that pass...

5.6CVSS0.00291EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/03/19 1:0 a.m.24 views

CVE-2026-31992 OpenClaw < 2026.2.23 - Allowlist Exec-Guard Bypass via env -S

OpenClaw versions prior to 2026.2.23 contain an allowlist bypass vulnerability in system.run guardrails that allows authenticated operators to execute unintended commands. When /usr/bin/env is allowlisted, attackers can use env -S to bypass policy analysis and execute shell wrapper payloads at...

7.1CVSS0.00339EPSS
Exploits0References4
OSV
OSV
added 2026/03/19 1:0 a.m.6 views

CVE-2026-31992 OpenClaw < 2026.2.23 - Allowlist Exec-Guard Bypass via env -S

OpenClaw versions prior to 2026.2.23 contain an allowlist bypass vulnerability in system.run guardrails that allows authenticated operators to execute unintended commands. When /usr/bin/env is allowlisted, attackers can use env -S to bypass policy analysis and execute shell wrapper payloads at...

7.1CVSS7.3AI score0.00339EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/03/19 12:0 a.m.11 views

OpenClaw 安全漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.2.23 contained security vulnerabilities. These vulnerabilities were caused by a bypass of the allowed lists in the system’s runtime protection mechanism, which could allow...

8.8CVSS5.9AI score0.00339EPSS
Exploits0References4
NVD
NVD
added 2026/03/18 2:16 a.m.5 views

CVE-2026-22168

OpenClaw versions prior to 2026.2.21 contain an approval-integrity mismatch vulnerability in system.run that allows authenticated operators to execute arbitrary trailing arguments after cmd.exe /c while approval text reflects only a benign command. Attackers can smuggle malicious arguments throug...

8.8CVSS0.00406EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/03/18 1:34 a.m.3 views

CVE-2026-22168

OpenClaw versions prior to 2026.2.21 contain an approval-integrity mismatch vulnerability in system.run that allows authenticated operators to execute arbitrary trailing arguments after cmd.exe /c while approval text reflects only a benign command. Attackers can smuggle malicious arguments throug...

7.1CVSS6.2AI score0.00406EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/03/18 1:34 a.m.29 views

CVE-2026-22168 OpenClaw < 2026.2.21 - Command Injection via cmd.exe /c Trailing Arguments in system.run

OpenClaw versions prior to 2026.2.21 contain an approval-integrity mismatch vulnerability in system.run that allows authenticated operators to execute arbitrary trailing arguments after cmd.exe /c while approval text reflects only a benign command. Attackers can smuggle malicious arguments throug...

7.1CVSS0.00406EPSS
Exploits0References3
EUVD
EUVD
added 2026/03/18 1:34 a.m.4 views

EUVD-2026-12708

OpenClaw versions prior to 2026.2.21 contain an approval-integrity mismatch vulnerability in system.run that allows authenticated operators to execute arbitrary trailing arguments after cmd.exe /c while approval text reflects only a benign command. Attackers can smuggle malicious arguments throug...

7.1CVSS6.2AI score0.00406EPSS
Exploits0References3
Snyk
Snyk
added 2026/02/05 9:57 p.m.1 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the WebsiteAddContent process. An attacker can access sensitive files on the server by supplying crafted path values containing directory traversal sequences. This is only exploitable if the attacker has an...

7.1CVSS6.5AI score0.00485EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2025/05/23 5:52 a.m.6 views

CVE-2023-22428

Improper privilege validation in Command Centre Server allows authenticated operators to modify Division lineage. This issue affects Command Centre: vEL8.80 prior to vEL8.80.1192 MR2, vEL8.70 prior to vEL8.70.2185 MR4, vEL8.60 prior to vEL8.60.2347 MR6, vEL8.50 prior to vEL8.50.2831MR8, vEL8.40 a...

7.6CVSS7AI score0.00303EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/05 2:30 a.m.8 views

CVE-2024-42407

Insertion of Sensitive Information into Log File CWE-532 in the Gallagher Command Centre Alarm Transmitter feature could allow an authenticated Operator to view some security sensitive information to which they have not been granted access. This issue affects: Command Centre Server 9.10 prior to...

8.5CVSS6.4AI score0.00316EPSS
Exploits0References1
Rows per page
Query Builder