
17 matches found

RedhatCVE • added 2026/03/26 3:08 p.m.

CVE-2026-28460

OpenClaw versions prior to 2026.2.22 contain an allowlist bypass vulnerability in system.run that allows attackers to execute non-allowlisted commands by splitting command substitution using shell line-continuation characters. Attackers can bypass security analysis by injecting $\\ followed by a...

CVSS 8.8 • AI score 5.9 • EPSS 0.00439 • Exploits 0 • References 1
EUVD • added 2026/03/24 12:30 a.m.

EUVD-2026-14564

OpenClaw before 2026.2.22 contains an allowlist bypass vulnerability in system.run that allows attackers to execute non-allowlisted commands by splitting command substitution using shell line-continuation. Attackers can bypass shell-wrapper analysis by injecting $\ followed by newline and inside...

CVSS 5.8 • AI score 6.1 • Exploits 0 • References 4
NVD • added 2026/03/23 10:16 p.m.

CVE-2026-32047

Rejected reason: This CVE ID has been rejected...

Exploits 0
Cvelist • added 2026/03/23 9:36 p.m.

CVE-2026-32047

...

Exploits 0
CVE • added 2026/03/23 9:36 p.m.

CVE-2026-32047

OpenClaw before 2026.2.22 is affected by an allowlist bypass in system.run. Attackers can bypass shell-wrapper analysis by injecting $\ followed by a newline and ( inside double quotes, folding the payload into $(...) to execute arbitrary subcommands. This is a local, low-complexity issue with l...

AI score 6.1 • Exploits 0
Positive Technologies • added 2026/03/23 12:00 a.m.

PT-2026-27227

OpenClaw before 2026.2.22 contains an allowlist bypass vulnerability in system.run that allows attackers to execute non-allowlisted commands by splitting command substitution using shell line-continuation. Attackers can bypass shell-wrapper analysis by injecting $ followed by newline and inside...

CVSS 5.8 • AI score 6.1 • Exploits 0 • References 5
OSV • added 2026/03/19 3:30 a.m.

GHSA-XRGV-34CC-Q765 Duplicate Advisory: OpenClaw's system.run allowlist bypass via shell line-continuation command substitution

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-9868-vxmx-w862. This link is maintained to preserve external references. Original Description OpenClaw versions prior to 2026.2.22 contain an allowlist bypass vulnerability in system.run that allows attackers to...

CVSS 6 • AI score 5.9 • EPSS 0.00439 • Exploits 0 • References 4
EUVD • added 2026/03/19 3:30 a.m.

EUVD-2026-13013

OpenClaw versions prior to 2026.2.22 contain an allowlist bypass vulnerability in system.run that allows attackers to execute non-allowlisted commands by splitting command substitution using shell line-continuation characters. Attackers can bypass security analysis by injecting $\ followed by a...

CVSS 8.8 • AI score 6 • EPSS 0.00439 • Exploits 0 • References 4
Github Security Blog • added 2026/03/19 3:30 a.m.

Duplicate Advisory: OpenClaw's system.run allowlist bypass via shell line-continuation command substitution

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-9868-vxmx-w862. This link is maintained to preserve external references. Original Description OpenClaw versions prior to 2026.2.22 contain an allowlist bypass vulnerability in system.run that allows attackers to...

CVSS 8.8 • AI score 5.9 • EPSS 0.00439 • Exploits 0 • References 5 • Affected Software 1
OSV • added 2026/03/19 2:16 a.m.

CVE-2026-28460

OpenClaw versions prior to 2026.2.22 contain an allowlist bypass vulnerability in system.run that allows attackers to execute non-allowlisted commands by splitting command substitution using shell line-continuation characters. Attackers can bypass security analysis by injecting $\ followed by a...

CVSS 8.8 • AI score 6 • Exploits 0 • References 3
Cvelist • added 2026/03/19 1:00 a.m.

CVE-2026-28460 OpenClaw < 2026.2.22 - Allowlist Bypass via Shell Line-Continuation Command Substitution in system.run

OpenClaw versions prior to 2026.2.22 contain an allowlist bypass vulnerability in system.run that allows attackers to execute non-allowlisted commands by splitting command substitution using shell line-continuation characters. Attackers can bypass security analysis by injecting $\ followed by a...

CVSS 7.1 • EPSS 0.00439 • Exploits 0 • References 3
Vulnrichment • added 2026/03/19 1:00 a.m.

CVE-2026-28460 OpenClaw < 2026.2.22 - Allowlist Bypass via Shell Line-Continuation Command Substitution in system.run

OpenClaw versions prior to 2026.2.22 contain an allowlist bypass vulnerability in system.run that allows attackers to execute non-allowlisted commands by splitting command substitution using shell line-continuation characters. Attackers can bypass security analysis by injecting $\ followed by a...

CVSS 7.1 • AI score 6 • EPSS 0.00439 • Exploits 0 • References 3
CVE • added 2026/03/19 1:00 a.m.

CVE-2026-28460

OpenClaw Open-Source: OpenClaw versions prior to 2026.2.22 are affected by an allowlist bypass in system.run. The issue lets an attacker bypass the approval boundary by splitting command substitution with shell line-continuation characters, specifically injecting "$\" followed by a newline and an...

CVSS 8.8 • AI score 6 • EPSS 0.00439 • Exploits 0 • References 3 • Affected Software 1
Snyk • added 2026/03/03 7:53 p.m.

Incorrect Authorization

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Incorrect Authorization via system.run when shell line-continuation and command substitution are used to bypass allowlist analysis. An attacker can execute unauthorized commands by crafti...

CVSS 8.8 • AI score 6.1 • EPSS 0.00439 • Exploits 0 • References 3
Github Security Blog • added 2026/03/03 7:53 p.m.

OpenClaw's system.run allowlist bypass via shell line-continuation command substitution

Summary In OpenClaw system.run allowlist mode, shell-wrapper analysis could be bypassed by splitting command substitution as $\ + newline + inside double quotes. Analysis treated the payload as allowlisted for example /bin/echo, while shell runtime folded the line continuation into $... and...

CVSS 8.8 • AI score 5.9 • EPSS 0.00439 • Exploits 0 • References 5 • Affected Software 1
OSV • added 2026/03/03 7:53 p.m.

GHSA-9868-VXMX-W862 OpenClaw's system.run allowlist bypass via shell line-continuation command substitution

Summary In OpenClaw system.run allowlist mode, shell-wrapper analysis could be bypassed by splitting command substitution as $\ + newline + inside double quotes. Analysis treated the payload as allowlisted for example /bin/echo, while shell runtime folded the line continuation into $... and...

CVSS 8.8 • AI score 5.9 • EPSS 0.00439 • Exploits 0 • References 5
BDU FSTEC • added 2018/12/18 12:00 a.m.

The vulnerability of the console utility for downloading files with wget arises from insufficient input validation, allowing an attacker to compromise data integrity.

The vulnerability of the console utility for downloading files with wget relates to the lack of processing of the “\r\n” sequence in line continuation strings during the grammatical analysis of HTTP headers containing Set-Cookies. Exploiting this vulnerability allows a remote attacker to insert...

CVSS 6.5 • AI score 6.7 • EPSS 0.17249 • Exploits 5 • References 3 • Affected Software 1