16 matches found
CVE-2026-32010
OpenClaw versions prior to 2026.2.22 contain an allowlist bypass vulnerability in the safe-bin configuration when sort is manually added to tools.exec.safeBins. Attackers can invoke sort with the --compress-program flag to execute arbitrary external programs without operator approval in allowlist...
CVE-2026-32016
OpenClaw versions prior to 2026.2.22 on macOS contain a path validation bypass vulnerability in the exec-approval allowlist mode that allows local attackers to execute unauthorized binaries by exploiting basename-only allowlist entries. Attackers can execute same-name local binaries ./echo withou...
CVE-2026-32010
OpenClaw versions prior to 2026.2.22 contain an allowlist bypass vulnerability in the safe-bin configuration when sort is manually added to tools.exec.safeBins. Attackers can invoke sort with the --compress-program flag to execute arbitrary external programs without operator approval in allowlist...
CVE-2026-32010
OpenClaw versions prior to 2026.2.22 contain an allowlist bypass vulnerability in the safe-bin configuration when sort is manually added to tools.exec.safeBins. Attackers can invoke sort with the --compress-program flag to execute arbitrary external programs without operator approval in allowlist...
EUVD-2026-13271
OpenClaw versions prior to 2026.2.22 contain an allowlist bypass vulnerability in the safe-bin configuration when sort is manually added to tools.exec.safeBins. Attackers can invoke sort with the --compress-program flag to execute arbitrary external programs without operator approval in allowlist...
CVE-2026-32010 OpenClaw < 2026.2.22 - Allowlist Bypass via sort --compress-program Parameter
OpenClaw versions prior to 2026.2.22 contain an allowlist bypass vulnerability in the safe-bin configuration when sort is manually added to tools.exec.safeBins. Attackers can invoke sort with the --compress-program flag to execute arbitrary external programs without operator approval in allowlist...
OpenClaw 操作系统命令注入漏洞
OpenClaw is an automation tool for executing system commands. A security vulnerability exists in versions of OpenClaw prior to 2026.2.22, which stems from a flaw in the security configuration of the sort tool after it is manually added to the tools.exec.safeBins configuration. An attacker can...
Incomplete List of Disallowed Inputs
Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Incomplete List of Disallowed Inputs via the --compress-program flag in the sort process when sort is manually added to the tools.exec.safeBins configuration. An attacker can execute...
GHSA-4GC7-QCVF-38WG In OpenClaw, manually adding sort to tools.exec.safeBins could bypass allowlist approval via --compress-program
Summary This issue applies to a non-default configuration only. If sort is manually added to tools.exec.safeBins, OpenClaw could treat sort --compress-program= as valid safe-bin usage. In security=allowlist + ask=on-miss, this could satisfy allowlist checks and skip operator approval, while GNU...
OpenClaw's non-default autoAllowSkills setting could bypass on-miss exec prompt
Summary In openclaw versions up to and including 2026.2.22-2, a non-default exec-approval configuration could allow a skill-name collision to bypass an ask=on-miss prompt. When autoAllowSkills=true, a path-scoped executable such as ./skill-bin could resolve to basename skill-bin, satisfy the skil...
GHSA-7FF8-XJH3-MGH6 OpenClaw's non-default autoAllowSkills setting could bypass on-miss exec prompt
Summary In openclaw versions up to and including 2026.2.22-2, a non-default exec-approval configuration could allow a skill-name collision to bypass an ask=on-miss prompt. When autoAllowSkills=true, a path-scoped executable such as ./skill-bin could resolve to basename skill-bin, satisfy the skil...
Incorrect Authorization
Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Incorrect Authorization through a mismatch in wrapper-depth parsing in system.run. An attacker can bypass approval gating by crafting nested transparent dispatch wrappers, allowing...
GHSA-CCG8-46R6-9QGJ OpenClaw's dispatch-wrapper depth-cap mismatch can bypass shell-wrapper approval gating in system.run allowlist mode
Summary A wrapper-depth parsing mismatch in system.run allowed nested transparent dispatch wrappers for example repeated /usr/bin/env to suppress shell-wrapper detection while still matching allowlist resolution. In security=allowlist + ask=on-miss, this could bypass the expected approval prompt...
PT-2026-26392
Summary This issue applies to a non-default configuration only. If sort is manually added to tools.exec.safeBins, OpenClaw could treat sort --compress-program= as valid safe-bin usage. In security=allowlist + ask=on-miss, this could satisfy allowlist checks and skip operator approval, while GNU...
PT-2026-26404
Summary A wrapper-depth parsing mismatch in system.run allowed nested transparent dispatch wrappers for example repeated /usr/bin/env to suppress shell-wrapper detection while still matching allowlist resolution. In security=allowlist + ask=on-miss, this could bypass the expected approval prompt...
GHSA-5F9P-F3W2-FWCH OpenClaw macOS companion app (beta): allowlist parsing mismatch for system.run shell chains
Summary In the macOS companion app currently beta, a parsing mismatch in exec approvals could let shell-chain payloads pass allowlist checks in system.run under specific settings. Impact This path requires all of the following: - authenticated caller with operator.write - paired macOS beta node...