Lucene search
+L

4 matches found

github
github
added 2026/03/21 3:31 a.m.10 views

Duplicate Advisory: OpenClaw: system.run approval identity mismatch could execute a different binary than displayed

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-hwpq-rrpf-pgcq. This link is maintained to preserve external references. Original Description OpenClaw versions prior to 2026.2.25 contain an approval-integrity bypass vulnerability in system.run where rendered...

6.5CVSS6AI score0.0029EPSS
Exploits0References5Affected Software1
attackerkb
attackerkb
added 2026/03/21 12:42 a.m.5 views

CVE-2026-32065

OpenClaw versions prior to 2026.2.25 contain an approval-integrity bypass vulnerability in system.run where rendered command text is used as approval identity while trimming argv token whitespace, but runtime execution uses raw argv. An attacker can craft a trailing-space executable token to...

5.7CVSS6.1AI score0.0029EPSS
Exploits0References4
cvelist
cvelist
added 2026/03/21 12:42 a.m.30 views

CVE-2026-32065 OpenClaw < 2026.2.25 - Approval Identity Mismatch in system.run Command Execution

OpenClaw versions prior to 2026.2.25 contain an approval-integrity bypass vulnerability in system.run where rendered command text is used as approval identity while trimming argv token whitespace, but runtime execution uses raw argv. An attacker can craft a trailing-space executable token to...

5.7CVSS0.0029EPSS
Exploits0References3
osv
osv
added 2026/03/21 12:42 a.m.5 views

CVE-2026-32065 OpenClaw < 2026.2.25 - Approval Identity Mismatch in system.run Command Execution

OpenClaw versions prior to 2026.2.25 contain an approval-integrity bypass vulnerability in system.run where rendered command text is used as approval identity while trimming argv token whitespace, but runtime execution uses raw argv. An attacker can craft a trailing-space executable token to...

5.7CVSS6.2AI score0.0029EPSS
Exploits0References5
Rows per page
Query Builder