4 matches found
CVE-2026-32015
OpenClaw versions 2026.1.21 up to 2026.2.19 are affected by a path hijacking vulnerability in tools.exec.safeBins that lets an attacker influence gateway process PATH or launch environment to execute trojan binaries with allowlisted names (e.g., jq). The root cause is improper PATH resolution tha...
CVE-2026-32015
OpenClaw versions 2026.1.21 prior to 2026.2.19 contain a path hijacking vulnerability in tools.exec.safeBins that allows attackers to bypass allowlist checks by controlling process PATH resolution. Attackers who can influence the gateway process PATH or launch environment can execute trojan...
EUVD-2026-13279
OpenClaw versions 2026.1.21 prior to 2026.2.19 contain a path hijacking vulnerability in tools.exec.safeBins that allows attackers to bypass allowlist checks by controlling process PATH resolution. Attackers who can influence the gateway process PATH or launch environment can execute trojan...
CVE-2020-7358
The CVE-2020-7358 entry relates to the AppSpider Installer. Affected software: AppSpider installer versions prior to 7.2.126. Vulnerable component: the installer launches an executable, which can be placed in the installation directory by a user with local access. Root cause: the installer cannot...