11 matches found
EUVD-2026-14559
OpenClaw before 2026.2.22 contains an allowlist bypass vulnerability in system.run exec analysis that fails to unwrap env and shell-dispatch wrapper chains. Attackers can route execution through wrapper binaries like env bash to smuggle payloads and bypass intended allowlist restrictions...
Duplicate Advisory: Exec allowlist wrapper analysis did not unwrap env/shell dispatch chains
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-jj82-76v6-933r. This link is maintained to preserve external references. Original Description OpenClaw versions prior to 2026.2.22 contain an allowlist bypass vulnerability in system.run exec analysis that fails...
CVE-2026-31992
OpenClaw versions prior to 2026.2.23 contain an allowlist bypass vulnerability in system.run guardrails that allows authenticated operators to execute unintended commands. When /usr/bin/env is allowlisted, attackers can use env -S to bypass policy analysis and execute shell wrapper payloads at...
CVE-2026-27566
OpenClaw versions prior to 2026.2.22 contain an allowlist bypass vulnerability in system.run exec analysis that fails to unwrap env and shell-dispatch wrapper chains. Attackers can route execution through wrapper binaries like env bash to smuggle payloads that satisfy allowlist entries while...
CVE-2026-27566
OpenClaw versions prior to 2026.2.22 contain an allowlist bypass vulnerability in system.run exec analysis that fails to unwrap env and shell-dispatch wrapper chains. Attackers can route execution through wrapper binaries like env bash to smuggle payloads that satisfy allowlist entries while...
cde (=0.2.0.1), env-wrappers (>=0.1.1 <=0.1.22) +1 more potentially affected by CVE-2025-10952 via ml-logger (=0.10.36)
ml-logger PYPI version =0.10.36 is affected by a known vulnerability. The following packages have a transitive dependency on ml-logger and may be impacted: - cde =0.2.0.1 - env-wrappers =0.1.1, =0.1.22 - graph-search =0.1.0 Source cves: CVE-2025-10952 Source advisory: OSV:GHSA-9X36-C74V-FGR6...
cde (=0.2.0.1), env-wrappers (>=0.1.1 <=0.1.22) +1 more potentially affected by CVE-2025-10952 via ml-logger (=0.10.36)
ml-logger PYPI version =0.10.36 is affected by a known vulnerability. The following packages have a transitive dependency on ml-logger and may be impacted: - cde =0.2.0.1 - env-wrappers =0.1.1, =0.1.22 - graph-search =0.1.0 Source cves: CVE-2025-10952 Source advisory: SNYK:PYTHON-MLLOGGER-1311003...
cde (=0.2.0.1), env-wrappers (>=0.1.1 <=0.1.22) +1 more potentially affected by CVE-2025-10950 via ml-logger (=0.10.36)
ml-logger PYPI version =0.10.36 is affected by a known vulnerability. The following packages have a transitive dependency on ml-logger and may be impacted: - cde =0.2.0.1 - env-wrappers =0.1.1, =0.1.22 - graph-search =0.1.0 Source cves: CVE-2025-10950 Source advisory: OSV:GHSA-57HM-8RJV-498W...
cde (=0.2.0.1), env-wrappers (>=0.1.1 <=0.1.22) +1 more potentially affected by CVE-2025-10951 via ml-logger (=0.10.36)
ml-logger PYPI version =0.10.36 is affected by a known vulnerability. The following packages have a transitive dependency on ml-logger and may be impacted: - cde =0.2.0.1 - env-wrappers =0.1.1, =0.1.22 - graph-search =0.1.0 Source cves: CVE-2025-10951 Source advisory: OSV:GHSA-8X9J-2P8R-7XC6...
cde (=0.2.0.1), env-wrappers (>=0.1.1 <=0.1.22) +1 more potentially affected by CVE-2025-10951 via ml-logger (=0.10.36)
ml-logger PYPI version =0.10.36 is affected by a known vulnerability. The following packages have a transitive dependency on ml-logger and may be impacted: - cde =0.2.0.1 - env-wrappers =0.1.1, =0.1.22 - graph-search =0.1.0 Source cves: CVE-2025-10951 Source advisory: SNYK:PYTHON-MLLOGGER-1311002...
cde (=0.2.0.1), env-wrappers (>=0.1.1 <=0.1.22) +1 more potentially affected by CVE-2025-10950 via ml-logger (=0.10.36)
ml-logger PYPI version =0.10.36 is affected by a known vulnerability. The following packages have a transitive dependency on ml-logger and may be impacted: - cde =0.2.0.1 - env-wrappers =0.1.1, =0.1.22 - graph-search =0.1.0 Source cves: CVE-2025-10950 Source advisory: SNYK:PYTHON-MLLOGGER-1311002...