OpenClaw Command Injection Vulnerability (CNVD-2026-15058)

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. A command injection vulnerability exists in versions of OpenClaw prior to 2026.2.24. The vulnerability stems from a failure to properly filter construct command special characters, commands, etc. in the system.run...

CVE-2026-32052 OpenClaw < 2026.2.24 - Hidden Command Execution via Shell-Wrapper Positional argv Carriers

OpenClaw versions prior to 2026.2.24 contain a command injection vulnerability in the system.run shell-wrapper that allows attackers to execute hidden commands by injecting positional argv carriers after inline shell payloads. Attackers can craft misleading approval text while executing arbitrary...

New ClickFix Scam Tricks Users Into Mapping Hacker-Controlled Drives

A new ClickFix scam tricks Windows users into running hidden commands that map hacker-controlled drives and load malware…...

GitHub Copilot CLI Dangerous Shell Expansion Patterns Enable Arbitrary Code Execution

Summary A security vulnerability has been identified in GitHub Copilot CLI's shell tool that could allow arbitrary code execution through crafted bash parameter expansion patterns. An attacker who can influence the commands executed by the agent e.g., via prompt injection through repository files...

Incorrect Authorization

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Incorrect Authorization via system.run. An attacker can execute hidden commands under misleading approval or display text by supplying additional positional argv payloads that are not...

GHSA-6RCP-VXWF-3MFP OpenClaw's system.run shell-wrapper positional argv carriers could execute hidden commands under misleading approval text

Summary In openclaw up to and including 2026.2.23 latest npm release as of February 25, 2026, system.run shell-wrapper inputs could present misleading approval/display text while still carrying hidden positional argv payloads that execute at runtime. Affected Packages / Versions - Package: opencl...

OpenClaw's system.run shell-wrapper positional argv carriers could execute hidden commands under misleading approval text

Summary In openclaw up to and including 2026.2.23 latest npm release as of February 25, 2026, system.run shell-wrapper inputs could present misleading approval/display text while still carrying hidden positional argv payloads that execute at runtime. Affected Packages / Versions - Package: opencl...

ChatGPT Atlas Browser Can Be Tricked by Fake URLs into Executing Hidden Commands

The newly released OpenAI ChatGPT Atlas web browser has been found to be susceptible to a prompt injection attack where its omnibox can be jailbroken by disguising a malicious prompt as a seemingly harmless URL to visit. "The omnibox combined address/search bar interprets input either as a URL to...

EUVD-2020-24623

Malware in sbrugna...

Hidden Commands in Images Exploit AI Chatbots and Steal Data

Hidden commands in images can exploit AI chatbots, leading to data theft on platforms like Gemini through a…...

Linux Distros Unpatched Vulnerability : CVE-2023-23599

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When copying a network request from the developer tools panel as a curl command the output was not being properly sanitized and could allow arbitrary commands t...

CVE-2025-27840

Espressif ESP32 chips allow 29 hidden HCI commands, such as 0xFC02 Write memory...

OESA-2024-1405 mozjs78 security update

SpiderMonkey is the code-name for Mozilla Firefox's C++ implementation of JavaScript. It is intended to be embedded in other applications that provide host environments for JavaScript. Security Fixes: When copying a network request from the developer tools panel as a curl command the output was n...

Mozilla: Malicious command could be hidden in devtools output

The Mozilla Foundation Security Advisory describes this flaw as: When copying a network request from the developer tools panel as a curl command the output was not being properly sanitized and could allow arbitrary commands to be hidden within...

Mozilla: Malicious command could be hidden in devtools output

The Mozilla Foundation Security Advisory describes this flaw as: When copying a network request from the developer tools panel as a curl command the output was not being properly sanitized and could allow arbitrary commands to be hidden within...

Mozilla: Malicious command could be hidden in devtools output

The Mozilla Foundation Security Advisory describes this flaw as: When copying a network request from the developer tools panel as a curl command the output was not being properly sanitized and could allow arbitrary commands to be hidden within...

Mozilla: Malicious command could be hidden in devtools output

The Mozilla Foundation Security Advisory describes this flaw as: When copying a network request from the developer tools panel as a curl command the output was not being properly sanitized and could allow arbitrary commands to be hidden within...

Mozilla: Malicious command could be hidden in devtools output

The Mozilla Foundation Security Advisory describes this flaw as: When copying a network request from the developer tools panel as a curl command the output was not being properly sanitized and could allow arbitrary commands to be hidden within...

Mozilla: Malicious command could be hidden in devtools output

The Mozilla Foundation Security Advisory describes this flaw as: When copying a network request from the developer tools panel as a curl command the output was not being properly sanitized and could allow arbitrary commands to be hidden within...

Mozilla: Malicious command could be hidden in devtools output

The Mozilla Foundation Security Advisory describes this flaw as: When copying a network request from the developer tools panel as a curl command the output was not being properly sanitized and could allow arbitrary commands to be hidden within...