6 matches found
CVE-2026-32909
Rejected reason: This CVE ID has been rejected...
CVE-2026-32909
OpenClaw before 2026.2.19 contains a command-injection vulnerability in tools.exec.safeBins that lets an attacker bypass stdin-only restrictions by using sort output flags or recursive grep flags. This can enable arbitrary file writes via sort -o and recursive file reads via grep -R, bypassing th...
GHSA-GGM6-H3MX-CMMP Duplicate Advisory: safeBins stdin-only bypass via sort output and recursive grep flags
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-4685-c5cp-vp95. This link is maintained to preserve external references. Original Description OpenClaw versions prior to 2026.2.19 tools.exec.safeBins contains an input validation bypass vulnerability that allow...
CVE-2026-31996
OpenClaw
OpenClaw 操作系统命令注入漏洞
OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.2.19 had a vulnerability related to operating system command injection. This vulnerability stemmed from a flaw in input validation within tools.exec.safeBins, which could allow...
GHSA-4685-C5CP-VP95 OpenClaw safeBins stdin-only bypass via sort output and recursive grep flags
Summary tools.exec.safeBins could be bypassed for filesystem access when sort output flags -o / --output or recursive grep flags were allowed through safe-bin execution paths. Affected Packages / Versions - Package: openclaw npm - Affected versions: = 2026.2.19 - Latest published version at triag...