Lucene search
K

57 matches found

EUVD
EUVD
added 8 hours ago3 views

EUVD-2026-43539

OpenClaw versions before 2026.6.6 contain a flaw in host exec environment filtering that can miss interpreter startup variables. When the affected feature is enabled and reachable, a lower-trust caller or configured input path can supply crafted environment variables to execute or persist actions...

8.8CVSS6.2AI score
Exploits0References3
RedHat Linux
RedHat Linux
added yesterday5 views

podman: Podman: Information disclosure via malicious container image environment variables

A flaw was found in Podman, a tool for managing OCI containers and pods. A malicious container image can be crafted with an environment variable that has a key but no value, or an asterisk , to trick Podman. This vulnerability causes Podman to pass host environment variables into the container...

7.5CVSS6AI score0.0026EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 5 days ago6 views

podman: Podman: Information disclosure via malicious container image environment variables

A flaw was found in Podman, a tool for managing OCI containers and pods. A malicious container image can be crafted with an environment variable that has a key but no value, or an asterisk , to trick Podman. This vulnerability causes Podman to pass host environment variables into the container...

7.5CVSS5.9AI score0.0026EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 5 days ago7 views

podman: Podman: Information disclosure via malicious container image environment variables

A flaw was found in Podman, a tool for managing OCI containers and pods. A malicious container image can be crafted with an environment variable that has a key but no value, or an asterisk , to trick Podman. This vulnerability causes Podman to pass host environment variables into the container...

7.5CVSS5.9AI score0.0026EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/06/30 7:21 p.m.7 views

CVE-2026-57231

A flaw was found in Podman, a tool for managing OCI containers and pods. A malicious container image can be crafted with an environment variable that has a key but no value, or an asterisk , to trick Podman. This vulnerability causes Podman to pass host environment variables into the container...

7.5CVSS5.6AI score0.0026EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/06/29 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2026-57231

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Podman is a tool for managing OCI containers and pods. From 1.8.1 until 5.8.4, a container image that contains a environment variable with just a key and no val...

7.5CVSS6.1AI score0.0026EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/05/14 8:56 p.m.12 views

python-utcp: Full Process Environment Exposed to CLI Subprocess - Secrets Leakage via Command Injection

Summary prepareenvironment in clicommunicationprotocol.py passes a full copy of os.environ to every CLI subprocess. When combined with the Command Injection vulnerability CWE-78 in substituteutcpargs tracked as GHSA-33p6-5jxp-p3x4, an attacker can exfiltrate all process-level secrets in a single...

7.7CVSS5.8AI score0.00223EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/05/14 8:56 p.m.7 views

GHSA-5V57-8RXJ-3P2R python-utcp: Full Process Environment Exposed to CLI Subprocess - Secrets Leakage via Command Injection

Summary prepareenvironment in clicommunicationprotocol.py passes a full copy of os.environ to every CLI subprocess. When combined with the Command Injection vulnerability CWE-78 in substituteutcpargs tracked as GHSA-33p6-5jxp-p3x4, an attacker can exfiltrate all process-level secrets in a single...

7.7CVSS5.8AI score0.00223EPSS
Exploits0References3
NVD
NVD
added 2026/04/28 7:37 p.m.5 views

CVE-2026-41387

OpenClaw before 2026.3.22 contains an incomplete host environment variable sanitization vulnerability in host-env-security-policy.json and host-env-security.ts that allows package-manager environment overrides. Attackers can exploit approved exec requests to redirect package resolution or runtime...

8.5CVSS0.00241EPSS
Exploits0References2
NVD
NVD
added 2026/04/28 7:37 p.m.9 views

CVE-2026-41373

OpenClaw before 2026.3.31 contains an incomplete host-env-security-policy.json that fails to restrict compiler binary environment variables, allowing untrusted models to substitute CC, CXX, CARGOBUILDRUSTC, and CMAKECCOMPILER via environment overrides. Attackers with approved host-exec requests c...

6.1CVSS0.0013EPSS
Exploits0References3
NVD
NVD
added 2026/04/28 7:36 p.m.9 views

CVE-2026-24222

NVIDIA NeMoClaw contains a vulnerability in the sandbox environment initialization component, where a remote attacker could cause improper access control by sending prompt-injected content that causes the agent to read and exfiltrate host environment variables not properly restricted during sandb...

8.6CVSS0.00395EPSS
Exploits0References3
EUVD
EUVD
added 2026/04/28 6:9 p.m.4 views

EUVD-2026-26096

OpenClaw before 2026.3.22 contains an incomplete host environment variable sanitization vulnerability in host-env-security-policy.json and host-env-security.ts that allows package-manager environment overrides. Attackers can exploit approved exec requests to redirect package resolution or runtime...

8.5CVSS5.3AI score0.00241EPSS
Exploits0References2
CVE
CVE
added 2026/04/28 6:9 p.m.10 views

CVE-2026-41387

OpenClaw before 2026.3.22 contains an incomplete host environment variable sanitization vulnerability in host-env-security-policy.json and host-env-security.ts that allows package-manager environment overrides. Attackers can exploit approved exec requests to redirect package resolution or runtime...

8.5CVSS5.4AI score0.00241EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/04/28 6:9 p.m.3 views

CVE-2026-41387

OpenClaw before 2026.3.22 contains an incomplete host environment variable sanitization vulnerability in host-env-security-policy.json and host-env-security.ts that allows package-manager environment overrides. Attackers can exploit approved exec requests to redirect package resolution or runtime...

8.5CVSS5.4AI score0.00241EPSS
Exploits0References3
EUVD
EUVD
added 2026/04/28 6:9 p.m.6 views

EUVD-2026-26082

OpenClaw before 2026.3.31 contains an incomplete host-env-security-policy.json that fails to restrict compiler binary environment variables, allowing untrusted models to substitute CC, CXX, CARGOBUILDRUSTC, and CMAKECCOMPILER via environment overrides. Attackers with approved host-exec requests c...

6.1CVSS5.8AI score0.0013EPSS
Exploits0References3
CVE
CVE
added 2026/04/28 6:9 p.m.27 views

CVE-2026-41373

OpenClaw vulnerable before 2026.3.31 due to an incomplete host-env-security-policy.json that does not restrict compiler environment variables. This allows untrusted models to substitute compiler binaries (CC, CXX, CARGO_BUILD_RUSTC, CMAKE_C_COMPILER) via environment overrides when an approved hos...

6.1CVSS5.8AI score0.0013EPSS
Exploits0References3Affected Software1
EUVD
EUVD
added 2026/04/28 5:46 p.m.21 views

EUVD-2026-26079

NVIDIA NeMoClaw contains a vulnerability in the sandbox environment initialization component, where a remote attacker could cause improper access control by sending prompt-injected content that causes the agent to read and exfiltrate host environment variables not properly restricted during sandb...

8.6CVSS5.4AI score0.00395EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/04/28 12:31 a.m.12 views

Duplicate Advisory: OpenClaw: Host exec environment sanitization misses package, registry, Docker, compiler, and TLS override variables

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-cg7q-fg22-4g98. This link is maintained to preserve external references. Original Description OpenClaw before 2026.3.31 contains insufficient environment variable sanitization in host exec operations, failing to...

7.1CVSS5.8AI score0.00307EPSS
Exploits0References5Affected Software1
CNNVD
CNNVD
added 2026/04/28 12:0 a.m.12 views

OpenClaw 安全漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.3.22 contained security vulnerabilities. These vulnerabilities stemmed from incomplete host environment variable cleanup mechanisms in the host-env-security-policy.json and...

8.5CVSS5.9AI score0.00241EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/04/28 12:0 a.m.10 views

NVIDIA NeMoClaw 安全漏洞

NVIDIA NeMoClaw is a large-scale behavior constraint and security control framework developed by NVIDIA Corporation in the United States. NVIDIA NeMoClaw has a security vulnerability. This vulnerability stems from issues with the sandbox environment initialization components. It may allow remote...

8.6CVSS5.8AI score0.00395EPSS
Exploits0References2
Rows per page
Query Builder