14 matches found

RedhatCVE
added 2026/04/30 2:47 p.m., 0 views

CVE-2026-42423

OpenClaw before 2026.4.8 contains an approval-timeout fallback mechanism that bypasses strictInlineEval explicit-approval requirements on gateway and node exec hosts. Attackers can exploit this timeout fallback to execute inline eval commands that should require explicit user approval,...

CVSS 7.7, AI score 5.4, EPSS 0.00054
Exploits 0, References 1
Cvelist
added 2026/04/28 6:10 p.m., 22 views

CVE-2026-42423 OpenClaw < 2026.4.8 - strictInlineEval Approval Boundary Bypass via Approval-Timeout Fallback

OpenClaw before 2026.4.8 contains an approval-timeout fallback mechanism that bypasses strictInlineEval explicit-approval requirements on gateway and node exec hosts. Attackers can exploit this timeout fallback to execute inline eval commands that should require explicit user approval,...

CVSS 7.7, EPSS 0.00054
Exploits 0, References 3
Vulnrichment
added 2026/04/28 6:10 p.m., 1 view

CVE-2026-42423 OpenClaw < 2026.4.8 - strictInlineEval Approval Boundary Bypass via Approval-Timeout Fallback

OpenClaw before 2026.4.8 contains an approval-timeout fallback mechanism that bypasses strictInlineEval explicit-approval requirements on gateway and node exec hosts. Attackers can exploit this timeout fallback to execute inline eval commands that should require explicit user approval,...

CVSS 7.7, AI score 5.4, EPSS 0.00054
Exploits 0, References 3
CVE
added 2026/04/28 6:10 p.m., 3 views

CVE-2026-42423

OpenClaw prior to 2026.4.8 contains an approval-timeout fallback that bypasses strictInlineEval explicit-approval requirements on gateway and node exec hosts. This allows an attacker to exploit the timeout fallback to execute inline eval commands that would normally require explicit user approval...

CVSS 7.7, AI score 5.4, EPSS 0.00054
Exploits 0, References 3, Affected Software 1
RedhatCVE
added 2026/03/26 3:10 p.m., 1 view

CVE-2026-32043

OpenClaw versions prior to 2026.2.25 contain a time-of-check-time-of-use vulnerability in approval-bound system.run execution where the cwd parameter is validated at approval time but resolved at execution time. Attackers can retarget a symlinked cwd between approval and execution to bypass comma...

CVSS 7, AI score 6.3, EPSS 0.0001
Exploits 0, References 1
NVD
added 2026/03/23 10:16 p.m., 1 view

CVE-2026-32900

Rejected reason: This CVE ID has been rejected...

Exploits 0
Github Security Blog
added 2026/03/21 3:31 a.m., 2 views

Duplicate Advisory: OpenClaw's system.run approval TOCTOU via mutable symlink cwd target on node host

Duplicate Advisory. This advisory has been withdrawn because it is a duplicate of GHSA-mwcg-wfq3-4gjc. This link is maintained to preserve external references. Original description: OpenClaw versions prior to 2026.2.25 contain a time-of-check-time-of-use vulnerability in approval-bound system.run...

CVSS 7, AI score 6.2, EPSS 0.0001
Exploits 0, References 5, Affected Software 1
EUVD
added 2026/03/21 3:31 a.m., 2 views

EUVD-2026-13935

OpenClaw versions prior to 2026.2.25 contain a time-of-check-time-of-use vulnerability in approval-bound system.run execution where the cwd parameter is validated at approval time but resolved at execution time. Attackers can retarget a symlinked cwd between approval and execution to bypass comma...

CVSS 6.5, AI score 6.3, EPSS 0.0001
Exploits 0, References 4
OSV
added 2026/03/21 3:31 a.m., 1 view

GHSA-3P2X-HJXJ-C7RV Duplicate Advisory: OpenClaw's system.run approval TOCTOU via mutable symlink cwd target on node host

Duplicate Advisory. This advisory has been withdrawn because it is a duplicate of GHSA-mwcg-wfq3-4gjc. This link is maintained to preserve external references. Original description: OpenClaw versions prior to 2026.2.25 contain a time-of-check-time-of-use vulnerability in approval-bound system.run...

CVSS 6.5, AI score 6.2, EPSS 0.0001
Exploits 0, References 4
Vulnrichment
added 2026/03/21 12:42 a.m., 0 views

CVE-2026-32043 OpenClaw < 2026.2.25 - Time-of-Check-Time-of-Use via Mutable Symlink in system.run cwd Parameter

OpenClaw versions prior to 2026.2.25 contain a time-of-check-time-of-use vulnerability in approval-bound system.run execution where the cwd parameter is validated at approval time but resolved at execution time. Attackers can retarget a symlinked cwd between approval and execution to bypass comma...

CVSS 6.5, AI score 6.3, EPSS 0.0001
Exploits 0, References 3
EUVD
added 2026/03/05 9:59 p.m., 1 view

EUVD-2026-9912

OpenClaw versions prior to 2026.2.14 contain a vulnerability in the gateway in which it fails to sanitize internal approval fields in node.invoke parameters, allowing authenticated clients to bypass exec approval gating for system.run commands. Attackers with valid gateway credentials can inject...

CVSS 9.4, AI score 6.2, EPSS 0.00051
Exploits 1, References 6
ATTACKERKB
added 2026/03/05 9:59 p.m., 2 views

CVE-2026-28466

OpenClaw versions prior to 2026.2.14 contain a vulnerability in the gateway in which it fails to sanitize internal approval fields in node.invoke parameters, allowing authenticated clients to bypass exec approval gating for system.run commands. Attackers with valid gateway credentials can inject...

CVSS 9.4, AI score 6.2, EPSS 0.00051
Exploits 1, References 7
Github Security Blog
added 2026/03/03 7:18 p.m., 3 views

OpenClaw's system.run approval TOCTOU via mutable symlink cwd target on node host

Summary: In [email protected], approval-bound system.run on node hosts could be influenced by mutable symlink cwd targets between approval and execution. Details: Approval matching on the gateway validated command/argv and binding fields, including cwd, as provided text. Node execution later used...

CVSS 7, AI score 6.1, EPSS 0.0001
Exploits 0, References 5, Affected Software 1
Veracode
added 2019/05/02 5:04 a.m., 20 views

Information Disclosure

OpenShift Enterprise by Red Hat is the company's cloud computing Platform-as-a-Service (PaaS) solution designed for on-premise or private cloud deployments. It was reported that OpenShift Enterprise 2.2 did not properly restrict access to services running on different gears. This could allow an...

CVSS 7.5, AI score 5.8, EPSS 0.004
Exploits 0, References 36, Affected Software 119