2 matches found
CVE-2026-28470
OpenClaw is affected in versions prior to 2026.2.2. The issue is an exec approvals allowlist bypass that lets an attacker run arbitrary commands by injecting command substitution syntax (unescaped $() or backticks) inside double-quoted strings, bypassing the allowlist protection. The vulnerabilit...
vantuz (>=3.3.2 <=3.3.7) potentially affected by CVE-2026-28470 via openclaw (=0.0.1)
openclaw NPM version =0.0.1 is affected by a known vulnerability. The following packages have a transitive dependency on openclaw and may be impacted: - vantuz =3.3.2, =3.3.7 Source cves: CVE-2026-28470 Source advisory: OSV:GHSA-3HCM-GGVF-RCH5...