12 matches found
CVE-2026-22169 OpenClaw < 2026.2.22 - Allowlist Bypass via sort Configuration in safeBins
OpenClaw versions prior to 2026.2.22 contain an allowlist bypass vulnerability in the safeBins configuration that allows attackers to invoke external helpers through the compress-program option. When sort is explicitly added to tools.exec.safeBins, remote attackers can bypass intended safe-bin...
CVE-2026-22169
OpenClaw versions prior to 2026.2.22 contain an allowlist bypass vulnerability in the safeBins configuration that allows attackers to invoke external helpers through the compress-program option. When sort is explicitly added to tools.exec.safeBins, remote attackers can bypass intended safe-bin...
CVE-2026-22169 OpenClaw < 2026.2.22 - Allowlist Bypass via sort Configuration in safeBins
OpenClaw versions prior to 2026.2.22 contain an allowlist bypass vulnerability in the safeBins configuration that allows attackers to invoke external helpers through the compress-program option. When sort is explicitly added to tools.exec.safeBins, remote attackers can bypass intended safe-bin...
CVE-2026-22169
OpenClaw before version 2026.2.22 has an allowlist bypass in safeBins. When sort is enabled in tools.exec.safeBins, the compress-program parameter can be exploited to invoke external helpers and execute unauthorized external programs. This is a LOCAL, high-severity issue with high impact on confi...
Malicious code in external-helpers (npm)
Source: ghsa-malware e93035f9471f41f1d28b532573b50bd3f0b5e086d74bc0fbd27e364169d71549. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious Package
Overview: external-helpers is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
MAL-2025-49001 Malicious code in external-helpers (npm)
Source: ghsa-malware e93035f9471f41f1d28b532573b50bd3f0b5e086d74bc0fbd27e364169d71549. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
EUVD-2025-36869
Malicious code in external-helpers npm...
USN-5807-2 libxpm vulnerabilities
USN-5807-1 fixed vulnerabilities in libXpm. This update provides the corresponding updates for Ubuntu 16.04 ESM. Original advisory details: Martin Ettl discovered that libXpm incorrectly handled certain XPM files. If a user or automated system were tricked into opening a specially crafted XPM fil...
SUSE CVE-2020-11008
Affected versions of Git have a vulnerability whereby Git can be tricked into sending private credentials to a host controlled by an attacker. This bug is similar to CVE-2020-5260 (GHSA-qm7j-c969-7j4q). The fix for that bug still left the door open for an exploit where some credential is leaked but...
USN-5807-1 libxpm vulnerabilities
Martin Ettl discovered that libXpm incorrectly handled certain XPM files. If a user or automated system were tricked into opening a specially crafted XPM file, a remote attacker could possibly use this issue to cause libXpm to stop responding, resulting in a denial of service. CVE-2022-44617 Marc...
PT-2006-2849 · Beagle · Beagle
Name of the Vulnerable Software and Affected Versions: Beagle versions prior to 0.2.5. Description: The issue allows attackers to execute arbitrary commands via crafted filenames that inject command line arguments when Beagle launches external helper applications while indexing. This is due to an...