
7 matches found

NVD
added 2026/06/16 7:17 p.m. | 7 views

CVE-2026-53853

OpenClaw before 2026.5.12 contains an argument pattern validation bypass in the exec allowlist that allows attackers to execute disallowed arguments for allowlisted executables on Linux and macOS systems. Attackers can bypass configured argPattern restrictions by directly invoking allowlisted...

CVSS 8.3 | EPSS 0.00328
Exploits: 0 | References: 2
Cvelist
added 2026/04/28 6:9 p.m. | 31 views

CVE-2026-41392 OpenClaw < 2026.3.31 - Exec Allowlist Bypass via Shell Init-File Options

OpenClaw before 2026.3.31 contains an exec allowlist bypass vulnerability allowing attackers to inherit allowlist trust via shell init-file wrapper invocations. Attackers can exploit shell options like --rcfile, --init-file, and --startup-file to load attacker-chosen initialization files while...

CVSS 6.7 | EPSS 0.00118
Exploits: 0 | References: 3
Snyk
added 2026/04/07 6:14 p.m. | 1 views

Incomplete List of Disallowed Inputs

Overview: openclaw is a 🦞 OpenClaw — Personal AI Assistant. Affected versions of this package are vulnerable to Incomplete List of Disallowed Inputs via the exec allowlist component. An attacker can execute unauthorized scripts by leveraging shell init-file options such as --rcfile, --init-file, or...

CVSS 6.3 | AI score 5.9
Exploits: 0 | References: 2
Positive Technologies
added 2026/03/29 12:0 a.m. | 3 views

PT-2026-28454

Name of the Vulnerable Software and Affected Versions: OpenClaw versions prior to 2026.3.11. Description: OpenClaw contains an exec allowlist bypass issue where the matchesExecAllowlistPattern function improperly normalizes patterns. This improper normalization, involving lowercasing and glob...

CVSS 9.8 | AI score 6.2 | EPSS 0.00406
Exploits: 0 | References: 8
EUVD
added 2026/03/21 6:31 p.m. | 4 views

EUVD-2026-14254

OpenClaw's exec allowlist wrapper analysis did not unwrap env/shell dispatch chains...

CVSS 8.8 | AI score 6 | EPSS 0.00419
Exploits: 0 | References: 8
Vulnrichment
added 2026/03/05 9:59 p.m. | 2 views

CVE-2026-28470 OpenClaw < 2026.2.2 - Exec Allowlist Bypass via Command Substitution in Double Quotes

OpenClaw versions prior to 2026.2.2 contain an exec approvals must be enabled allowlist bypass vulnerability that allows attackers to execute arbitrary commands by injecting command substitution syntax. Attackers can bypass the allowlist protection by embedding unescaped $ or backticks inside...

CVSS 9.8 | AI score 6 | EPSS 0.00476
Exploits: 0 | References: 3
Snyk
added 2026/02/17 4:44 p.m. | 4 views

Command Injection

Overview: openclaw is a 🦞 OpenClaw — Personal AI Assistant. Affected versions of this package are vulnerable to Command Injection via cmd.exe on Windows nodes when exec allowlist or approval gating is enabled. An attacker can execute unauthorized commands by crafting input that leverages Windows...

CVSS 9.8 | AI score 5.8 | EPSS 0.00499
Exploits: 0 | References: 2