Lucene search
K

12 matches found

NVD
NVD
added 2026/06/23 7:17 p.m.8 views

CVE-2026-55249

@rtk-ai/rtk-rewrite transparently rewrites shell commands executed via OpenClaw's exec tool to their RTK equivalents. In 1.0.0, the @rtk-ai/rtk-rewrite OpenClaw plugin passes attacker-controlled input directly into a shell-backed execSync template string without shell-safe escaping. JSON.stringif...

8.8CVSS0.00288EPSS
Exploits1References1
EUVD
EUVD
added 2026/06/23 6:33 p.m.9 views

EUVD-2026-38571

@rtk-ai/rtk-rewrite transparently rewrites shell commands executed via OpenClaw's exec tool to their RTK equivalents. In 1.0.0, the @rtk-ai/rtk-rewrite OpenClaw plugin passes attacker-controlled input directly into a shell-backed execSync template string without shell-safe escaping. JSON.stringif...

6.3CVSS6.2AI score0.00288EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/06/23 6:33 p.m.5 views

CVE-2026-55249

@rtk-ai/rtk-rewrite transparently rewrites shell commands executed via OpenClaw's exec tool to their RTK equivalents. In 1.0.0, the @rtk-ai/rtk-rewrite OpenClaw plugin passes attacker-controlled input directly into a shell-backed execSync template string without shell-safe escaping. JSON.stringif...

6.3CVSS6.2AI score0.00288EPSS
Exploits1References2Affected Software1
RedhatCVE
RedhatCVE
added 2026/05/29 8:13 p.m.16 views

CVE-2026-9452

A security vulnerability has been detected in FoundDream miniclawd up to 2d65665046e2222eeea76cafc8570ed546a8c125. Affected by this issue is the function ExecTool.execute of the file /src/tools/exec.ts. Such manipulation leads to os command injection. The attack can be launched remotely. The...

7.5CVSS6.7AI score0.01385EPSS
Exploits0References1
OSV
OSV
added 2026/05/27 3:33 p.m.4 views

GHSA-CV2P-68F4-F4PW picoclaw is vulnerable to OS command injection via the ExecTool component

picoclaw =v0.1.2 and earlier is vulnerable to OS command injection via the ExecTool component pkg/tools/shell.go. The guardCommand function attempts to restrict shell command execution using a denylist of 8 regular expressions, but the denylist is incomplete...

7.3CVSS5.9AI score0.01314EPSS
Exploits0References5
NVD
NVD
added 2026/05/27 2:16 p.m.14 views

CVE-2026-36045

picoclaw =v0.1.2 and earlier is vulnerable to OS command injection via the ExecTool component pkg/tools/shell.go. The guardCommand function attempts to restrict shell command execution using a denylist of 8 regular expressions, but the denylist is incomplete...

7.3CVSS0.01314EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/27 12:0 a.m.8 views

CVE-2026-36045

picoclaw =v0.1.2 and earlier is vulnerable to OS command injection via the ExecTool component pkg/tools/shell.go. The guardCommand function attempts to restrict shell command execution using a denylist of 8 regular expressions, but the denylist is incomplete...

5.9AI score0.01314EPSS
Exploits0References2
CVE
CVE
added 2026/05/27 12:0 a.m.23 views

CVE-2026-36045

CVE-2026-36045 affects picoclaw up to v0.1.2 (and earlier). The issue is an OS command injection in the ExecTool component (pkg/tools/shell.go) caused by an incomplete denylist in guardCommand() that attempts to restrict shell execution. The vulnerability description is consistently reported acro...

7.3CVSS5.9AI score0.01314EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/25 11:0 a.m.10 views

CVE-2026-9452 FoundDream miniclawd exec.ts ExecTool.execute os command injection

A security vulnerability has been detected in FoundDream miniclawd up to 2d65665046e2222eeea76cafc8570ed546a8c125. Affected by this issue is the function ExecTool.execute of the file /src/tools/exec.ts. Such manipulation leads to os command injection. The attack can be launched remotely. The...

7.5CVSS6.7AI score0.01385EPSS
Exploits0References5
EUVD
EUVD
added 2026/05/25 11:0 a.m.13 views

EUVD-2026-31668

A security vulnerability has been detected in FoundDream miniclawd up to 2d65665046e2222eeea76cafc8570ed546a8c125. Affected by this issue is the function ExecTool.execute of the file /src/tools/exec.ts. Such manipulation leads to os command injection. The attack can be launched remotely. The...

7.5CVSS6.7AI score0.01385EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/25 12:0 a.m.11 views

miniclawd 操作系统命令注入漏洞

miniclawd is a lightweight personal AI assistant with multi-LLM and multi-channel support by Ziwen Personal Developer. miniclawd suffers from an OS command injection vulnerability that originates from the parameter manipulation of the function ExecTool.execute in the file /src/tools/exec.ts, whic...

7.5CVSS7AI score0.01385EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/05/25 12:0 a.m.17 views

PT-2026-43039

A security vulnerability has been detected in FoundDream miniclawd up to 2d65665046e2222eeea76cafc8570ed546a8c125. Affected by this issue is the function ExecTool.execute of the file /src/tools/exec.ts. Such manipulation leads to os command injection. The attack can be launched remotely. The...

7.5CVSS6.7AI score0.01385EPSS
Exploits0References5
Rows per page
Query Builder