CVE-2026-55249
CVE-2026-55249 affects the @rtk-ai/rtk-rewrite OpenClaw plugin (v1.0.0), where attacker-controlled input is injected into a shell-backed execSync() template string. JSON.stringify() wraps values in quotes but does not neutralize shell metacharacters, leaving $() and backticks untouched. Sin...