Lucene search
+L

4 matches found

EUVD
EUVD
added 2026/03/31 12:31 p.m.6 views

EUVD-2026-17379

OpenClaw before 2026.3.11 contains an approval-integrity vulnerability in node-host system.run approvals that displays extracted shell payloads instead of the executed argv. Attackers can place wrapper binaries and induce wrapper-shaped commands to execute local code after operators approve...

7.3CVSS6AI score0.00272EPSS
Exploits0References3
NVD
NVD
added 2026/03/05 10:16 p.m.16 views

CVE-2026-28391

OpenClaw versions prior to 2026.2.2 fail to properly validate Windows cmd.exe metacharacters in allowlist-gated exec requests non-default configuration, allowing attackers to bypass command approval restrictions. Remote attackers can craft command strings with shell metacharacters like & or %...%...

9.8CVSS0.00499EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/03/05 9:59 p.m.6 views

CVE-2026-28391

OpenClaw versions prior to 2026.2.2 fail to properly validate Windows cmd.exe metacharacters in allowlist-gated exec requests non-default configuration, allowing attackers to bypass command approval restrictions. Remote attackers can craft command strings with shell metacharacters like & or %...%...

9.8CVSS5.9AI score0.00499EPSS
Exploits0References4
OSV
OSV
added 2026/03/05 9:59 p.m.7 views

CVE-2026-28391 OpenClaw < 2026.2.2 - Command Injection via cmd.exe Parsing Bypass in Allowlist Enforcement

OpenClaw versions prior to 2026.2.2 fail to properly validate Windows cmd.exe metacharacters in allowlist-gated exec requests non-default configuration, allowing attackers to bypass command approval restrictions. Remote attackers can craft command strings with shell metacharacters like & or %...%...

9.2CVSS6.1AI score0.00499EPSS
Exploits0References5
Rows per page
Query Builder