Lucene search
K

5 matches found

ATTACKERKB
ATTACKERKB
added 2026/03/19 10:7 p.m.3 views

CVE-2026-32030

OpenClaw versions prior to 2026.2.19 contain a path traversal vulnerability in the stageSandboxMedia function that accepts arbitrary absolute paths when iMessage remote attachment fetching is enabled. An attacker who can tamper with attachment path metadata can disclose files readable by the...

8.2CVSS6AI score0.00344EPSS
Exploits0References4
OSV
OSV
added 2026/03/19 3:30 a.m.4 views

GHSA-8PX5-2GFR-7PH6 Duplicate Advisory: OpenClaw has Windows Lobster shell fallback command injection in constrained fallback path

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-fg3m-vhrr-8gj6. This link is maintained to preserve external references. Original Description OpenClaw versions 2026.1.21 prior to 2026.2.19 contain a command injection vulnerability in the Lobster extension's...

5.8CVSS6AI score0.00525EPSS
Exploits0References4
OSV
OSV
added 2026/03/19 3:30 a.m.5 views

GHSA-5GQG-MQH5-2V39 Duplicate Advisory: OpenClaw Windows Scheduled Task script generation allowed local command injection via unsafe cmd argument handling

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-mqr9-vqhq-3jxw. This link is maintained to preserve external references. Original Description OpenClaw versions prior to 2026.2.19 contain a local command injection vulnerability in Windows scheduled task script...

7.1CVSS6AI score0.00571EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/03/19 1:0 a.m.2 views

CVE-2026-31995

OpenClaw versions 2026.1.21 prior to 2026.2.19 contain a command injection vulnerability in the Lobster extension's Windows shell fallback mechanism that allows attackers to inject arbitrary commands through tool-provided arguments. When spawn failures trigger shell fallback with shell: true,...

5.8CVSS6AI score0.00525EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2026/03/18 1:34 a.m.13 views

CVE-2026-22178

CVE-2026-22178 concerns OpenClaw. Vulnerability arises when versions prior to 2026.2.19 construct RegExp objects directly from unescaped Feishu mention metadata inside stripBotMention(), enabling regex injection and potential ReDoS. Attackers can craft nested-quantifier patterns or metacharacters...

8.2CVSS5.8AI score0.00311EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder