Lucene search
K

4 matches found

Vulnrichment
Vulnrichment
added 2026/03/11 1:32 p.m.2 views

CVE-2026-32063 OpenClaw 2026.2.19-2 < 2026.2.21 - Command Injection via Newline in systemd Unit Generation

OpenClaw version 2026.2.19-2 prior to 2026.2.21 contains a command injection vulnerability in systemd unit file generation where attacker-controlled environment values are not validated for CR/LF characters, allowing newline injection to break out of Environment= lines and inject arbitrary system...

7.1CVSS6AI score0.01075EPSS
Exploits1References3
CVE
CVE
added 2026/03/11 1:32 p.m.18 views

CVE-2026-32063

OpenClaw 2026.2.19-2 is affected by a command injection in systemd unit file generation due to unvalidated CR/LF in attacker-controlled environment values. An attacker who can influence config.env.vars and trigger service install or restart can execute arbitrary commands with the privileges of th...

7.8CVSS6AI score0.01075EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2026/03/11 1:32 p.m.4 views

CVE-2026-32063 OpenClaw 2026.2.19-2 < 2026.2.21 - Command Injection via Newline in systemd Unit Generation

OpenClaw version 2026.2.19-2 prior to 2026.2.21 contains a command injection vulnerability in systemd unit file generation where attacker-controlled environment values are not validated for CR/LF characters, allowing newline injection to break out of Environment= lines and inject arbitrary system...

6.9CVSS6.2AI score0.01075EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2026/03/03 12:0 a.m.6 views

PT-2026-24673

Summary A command injection vulnerability exists in OpenClaw’s Linux systemd unit generation path. When rendering Environment= entries, attacker-controlled values are not rejected for CR/LF, and systemdEscapeArg uses an incorrect whitespace-matching regex. This allows newline injection to break o...

8.6CVSS6.1AI score0.01075EPSS
Exploits1References11
Rows per page
Query Builder