4 matches found
PT-2026-60200
Name of the Vulnerable Software and Affected Versions Tabby versions prior to 1.0.234 Description Tabby inserts dropped file paths from the tabby-electron/src/pathDrop.ts file into the active shell without neutralizing command substitution metacharacters, such as $… and …. This allows for code...
cockpit: Cockpit: Arbitrary command execution via crafted links in system logs UI
A flaw was found in Cockpit. This vulnerability allows a remote attacker to achieve arbitrary command execution on the host by exploiting unsanitized user-controlled parameters within crafted links in the system logs user interface UI. An attacker can inject shell metacharacters and command...
EUVD-2026-17188
Roo Code's command auto-approval module contains a critical OS command injection vulnerability that renders its whitelist security mechanism completely ineffective. The system relies on fragile regular expressions to parse command structures; while it attempts to intercept dangerous operations, i...
CVE-2026-28470
OpenClaw versions prior to 2026.2.2 contain an exec approvals must be enabled allowlist bypass vulnerability that allows attackers to execute arbitrary commands by injecting command substitution syntax. Attackers can bypass the allowlist protection by embedding unescaped $ or backticks inside...