Lucene search
K

7 matches found

Github Security Blog
Github Security Blog
added 2026/05/06 9:31 p.m.9 views

Duplicate Advisory: OpenClaw: Exec environment denylist missed high-risk interpreter startup variables

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-vfp4-8x56-j7c5. This link is maintained to preserve external references. Original Description OpenClaw before 2026.4.10 contains an insufficient environment variable denylist vulnerability in its exec environmen...

8.8CVSS5.8AI score0.00392EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2026/05/06 9:31 p.m.7 views

GHSA-XRGF-R9GR-JJJF Duplicate Advisory: OpenClaw: Exec environment denylist missed high-risk interpreter startup variables

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-vfp4-8x56-j7c5. This link is maintained to preserve external references. Original Description OpenClaw before 2026.4.10 contains an insufficient environment variable denylist vulnerability in its exec environmen...

8.8CVSS5.8AI score0.00392EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/05/06 7:49 p.m.6 views

CVE-2026-43584 OpenClaw < 2026.4.10 - Insufficient Environment Variable Denylist in Exec Policy

OpenClaw before 2026.4.10 contains an insufficient environment variable denylist vulnerability in its exec environment policy that allows operator-supplied overrides of high-risk interpreter startup variables including VIMINIT, EXINIT, LUAINIT, and HOSTALIASES. Attackers can exploit this by...

8.8CVSS5.9AI score0.00392EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/05 11:24 a.m.70 views

CVE-2026-42435 OpenClaw 2026.2.22 < 2026.4.12 - Shell-Wrapper Detection Bypass via Environment Variable Assignment Injection

OpenClaw versions from 2026.2.22 before 2026.4.12 contain an insufficient shell-wrapper detection vulnerability allowing attackers to inject environment variable assignments at the argv level. Attackers can bypass exec preflight handling to manipulate high-risk shell variables like SHELLOPTS and...

8.8CVSS0.00407EPSS
Exploits0References3
CVE
CVE
added 2026/05/05 11:24 a.m.19 views

CVE-2026-42435

OpenClaw 2026.2.22 through before 2026.4.12 contains an insufficient shell-wrapper detection vulnerability that lets an attacker inject environment variable assignments at the argv level. By bypassing exec preflight handling, an attacker can manipulate high-risk shell variables such as SHELLOPTS ...

8.8CVSS5.9AI score0.00407EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/05/05 11:24 a.m.4 views

CVE-2026-42435

OpenClaw versions from 2026.2.22 before 2026.4.12 contain an insufficient shell-wrapper detection vulnerability allowing attackers to inject environment variable assignments at the argv level. Attackers can bypass exec preflight handling to manipulate high-risk shell variables like SHELLOPTS and...

8.8CVSS5.9AI score0.00407EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/04/17 9:54 p.m.4 views

GHSA-VFP4-8X56-J7C5 OpenClaw: Exec environment denylist missed high-risk interpreter startup variables

Summary Exec environment denylist missed high-risk interpreter startup variables. Affected Packages / Versions - Package: openclaw - Ecosystem: npm - Affected versions: = 2026.4.10 Impact The exec environment policy missed interpreter startup variables such as VIMINIT, EXINIT, LUAINIT, and...

8.8CVSS5.9AI score0.00392EPSS
Exploits0References5
Rows per page
Query Builder