4 matches found
CVE-2026-32063 OpenClaw 2026.2.19-2 < 2026.2.21 - Command Injection via Newline in systemd Unit Generation
OpenClaw version 2026.2.19-2 prior to 2026.2.21 contains a command injection vulnerability in systemd unit file generation where attacker-controlled environment values are not validated for CR/LF characters, allowing newline injection to break out of Environment= lines and inject arbitrary system...
CVE-2026-32063
OpenClaw 2026.2.19-2 is affected by a command injection in systemd unit file generation due to unvalidated CR/LF in attacker-controlled environment values. An attacker who can influence config.env.vars and trigger service install or restart can execute arbitrary commands with the privileges of th...
CVE-2026-32063 OpenClaw 2026.2.19-2 < 2026.2.21 - Command Injection via Newline in systemd Unit Generation
OpenClaw version 2026.2.19-2 prior to 2026.2.21 contains a command injection vulnerability in systemd unit file generation where attacker-controlled environment values are not validated for CR/LF characters, allowing newline injection to break out of Environment= lines and inject arbitrary system...
PT-2026-24673
Summary A command injection vulnerability exists in OpenClaw’s Linux systemd unit generation path. When rendering Environment= entries, attacker-controlled values are not rejected for CR/LF, and systemdEscapeArg uses an incorrect whitespace-matching regex. This allows newline injection to break o...