423 matches found

EUVD
added 2026/03/24 12:30 a.m. | 9 views

EUVD-2026-14588

OpenClaw before 2026.2.19 contains a local command injection vulnerability in Windows scheduled task script generation that allows attackers to execute arbitrary commands by injecting cmd metacharacters into unsafe gateway.cmd arguments. Attackers with control over service script generation value...

8.5 CVSS | 6.3 AI score
Exploits: 0 | References: 4

NVD
added 2026/03/23 10:16 p.m. | 3 views

CVE-2026-32907

Rejected reason: This CVE ID has been rejected...

Exploits: 0

CVE
added 2026/03/23 9:36 p.m. | 10 views

CVE-2026-32907

OpenClaw is affected by CVE-2026-32907 in versions prior to 2026.2.19. A local command-injection flaw exists in Windows scheduled task script generation, allowing an attacker who can influence service script generation values to inject unescaped cmd metacharacters into gateway.cmd arguments and a...

6.3 AI score
Exploits: 0

Positive Technologies
added 2026/03/23 12:0 a.m. | 6 views

PT-2026-27239

OpenClaw before 2026.2.19 contains a local command injection vulnerability in Windows scheduled task script generation that allows attackers to execute arbitrary commands by injecting cmd metacharacters into unsafe gateway.cmd arguments. Attackers with control over service script generation value...

7.8 CVSS | 6.3 AI score
Exploits: 0 | References: 5

NVD
added 2026/03/20 7:16 p.m. | 4 views

CVE-2026-4496

A vulnerability was found in sigmade Git-MCP-Server up to 785aa159f262a02d5791a5d8a8e13c507ac42880. Affected by this vulnerability is the function child_process.exec of the file src/gitUtils.ts of the component showmergediff/quickmergesummary/showfilediff. The manipulation results in os command...

5.3 CVSS | 0.00697 EPSS
Exploits: 0 | References: 7

ATTACKERKB
added 2026/03/20 6:32 p.m. | 4 views

CVE-2026-4496

A vulnerability was found in sigmade Git-MCP-Server up to 785aa159f262a02d5791a5d8a8e13c507ac42880. Affected by this vulnerability is the function child_process.exec of the file src/gitUtils.ts of the component showmergediff/quickmergesummary/showfilediff. The manipulation results in os command...

5.3 CVSS | 5.5 AI score | 0.00697 EPSS
Exploits: 0 | References: 7

Vulnrichment
added 2026/03/20 6:32 p.m. | 1 views

CVE-2026-4496 sigmade Git-MCP-Server gitUtils.ts child_process.exec os command injection

A vulnerability was found in sigmade Git-MCP-Server up to 785aa159f262a02d5791a5d8a8e13c507ac42880. Affected by this vulnerability is the function child_process.exec of the file src/gitUtils.ts of the component showmergediff/quickmergesummary/showfilediff. The manipulation results in os command...

5.3 CVSS | 5.5 AI score | 0.00697 EPSS
Exploits: 0 | References: 7

OSV
added 2026/03/19 3:30 a.m. | 5 views

GHSA-5GQG-MQH5-2V39 Duplicate Advisory: OpenClaw Windows Scheduled Task script generation allowed local command injection via unsafe cmd argument handling

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-mqr9-vqhq-3jxw. This link is maintained to preserve external references. Original Description OpenClaw versions prior to 2026.2.19 contain a local command injection vulnerability in Windows scheduled task script...

7.1 CVSS | 6 AI score | 0.00571 EPSS
Exploits: 0 | References: 5

Github Security Blog
added 2026/03/19 3:30 a.m. | 4 views

Duplicate Advisory: OpenClaw Windows Scheduled Task script generation allowed local command injection via unsafe cmd argument handling

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-mqr9-vqhq-3jxw. This link is maintained to preserve external references. Original Description OpenClaw versions prior to 2026.2.19 contain a local command injection vulnerability in Windows scheduled task script...

7.8 CVSS | 6 AI score | 0.00571 EPSS
Exploits: 0 | References: 5 | Affected Software: 1

NVD
added 2026/03/19 2:16 a.m. | 10 views

CVE-2026-31994

OpenClaw versions prior to 2026.2.19 contain a local command injection vulnerability in Windows scheduled task script generation due to unsafe handling of cmd metacharacters and expansion-sensitive characters in gateway.cmd files. Local attackers with control over service script generation...

7.8 CVSS | 0.00571 EPSS
Exploits: 0 | References: 3

OSV
added 2026/03/19 2:16 a.m. | 3 views

CVE-2026-31994

OpenClaw versions prior to 2026.2.19 contain a local command injection vulnerability in Windows scheduled task script generation due to unsafe handling of cmd metacharacters and expansion-sensitive characters in gateway.cmd files. Local attackers with control over service script generation...

7.8 CVSS | 6.2 AI score
Exploits: 0 | References: 3

Vulnrichment
added 2026/03/19 1:0 a.m. | 3 views

CVE-2026-31994 OpenClaw < 2026.2.19 - Local Command Injection via Unsafe cmd Argument Handling in Windows Scheduled Task Script Generation

OpenClaw versions prior to 2026.2.19 contain a local command injection vulnerability in Windows scheduled task script generation due to unsafe handling of cmd metacharacters and expansion-sensitive characters in gateway.cmd files. Local attackers with control over service script generation...

7.1 CVSS | 6.1 AI score | 0.00571 EPSS
Exploits: 0 | References: 3

ATTACKERKB
added 2026/03/19 1:0 a.m. | 5 views

CVE-2026-31994

OpenClaw versions prior to 2026.2.19 contain a local command injection vulnerability in Windows scheduled task script generation due to unsafe handling of cmd metacharacters and expansion-sensitive characters in gateway.cmd files. Local attackers with control over service script generation...

7.1 CVSS | 6.1 AI score | 0.00571 EPSS
Exploits: 0 | References: 4

EUVD
added 2026/03/19 1:0 a.m. | 6 views

EUVD-2026-13027

OpenClaw versions prior to 2026.2.19 contain a local command injection vulnerability in Windows scheduled task script generation due to unsafe handling of cmd metacharacters and expansion-sensitive characters in gateway.cmd files. Local attackers with control over service script generation...

7.8 CVSS | 6.1 AI score | 0.00571 EPSS
Exploits: 0 | References: 3

Cvelist
added 2026/03/19 1:0 a.m. | 25 views

CVE-2026-31994 OpenClaw < 2026.2.19 - Local Command Injection via Unsafe cmd Argument Handling in Windows Scheduled Task Script Generation

OpenClaw versions prior to 2026.2.19 contain a local command injection vulnerability in Windows scheduled task script generation due to unsafe handling of cmd metacharacters and expansion-sensitive characters in gateway.cmd files. Local attackers with control over service script generation...

7.1 CVSS | 0.00571 EPSS
Exploits: 0 | References: 3

CNNVD
added 2026/03/19 12:0 a.m. | 11 views

OpenClaw Operating System Command Injection Vulnerability

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.2.19 had a vulnerability related to operating system command injection. This vulnerability stemmed from unsafe handling of the cmd metacharacters and extended sensitive characters...

7.8 CVSS | 5.8 AI score | 0.00571 EPSS
Exploits: 0 | References: 3

NVD
added 2026/03/18 2:16 a.m. | 4 views

CVE-2026-22168

OpenClaw versions prior to 2026.2.21 contain an approval-integrity mismatch vulnerability in system.run that allows authenticated operators to execute arbitrary trailing arguments after cmd.exe /c while approval text reflects only a benign command. Attackers can smuggle malicious arguments throug...

8.8 CVSS | 0.00406 EPSS
Exploits: 0 | References: 3

EUVD
added 2026/03/16 3:30 p.m. | 2 views

EUVD-2026-12269

A vulnerability was identified in bazinga012 mcpcodeexecutor up to 0.3.0. Affected by this issue is the function installDependencies of the file src/index.ts. Such manipulation leads to command injection. The attack can only be performed from a local environment. The exploit is publicly available...

5.3 CVSS | 5.5 AI score | 0.00636 EPSS
Exploits: 0 | References: 8

EUVD
added 2026/03/16 3:30 p.m. | 7 views

EUVD-2026-12267

A vulnerability was determined in hypermodel-labs mcp-server-auto-commit 1.0.0. Affected by this vulnerability is the function getGitChanges of the file index.ts. This manipulation causes command injection. The attack can only be executed locally. The exploit has been publicly disclosed and may b...

5.3 CVSS | 5.4 AI score | 0.00649 EPSS
Exploits: 0 | References: 8

NVD
added 2026/03/16 2:20 p.m. | 3 views

CVE-2026-4198

A vulnerability was determined in hypermodel-labs mcp-server-auto-commit 1.0.0. Affected by this vulnerability is the function getGitChanges of the file index.ts. This manipulation causes command injection. The attack can only be executed locally. The exploit has been publicly disclosed and may b...

5.3 CVSS | 0.00649 EPSS
Exploits: 0 | References: 7