Lucene search
K

5 matches found

Github Security Blog
Github Security Blog
added 2026/05/11 6:31 p.m.11 views

Duplicate Advisory: OpenClaw vulnerable to arbitrary code execution via attacker-controlled setup-api.js loaded from cwd during env-key resolution

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-r39h-4c2p-3jxp. This link is maintained to preserve external references. Original Description OpenClaw before 2026.4.23 contains an arbitrary code execution vulnerability in the bundled plugin setup resolver tha...

8.4CVSS6.4AI score0.00144EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2026/05/11 6:31 p.m.6 views

GHSA-XPR6-2HGM-4WWP Duplicate Advisory: OpenClaw vulnerable to arbitrary code execution via attacker-controlled setup-api.js loaded from cwd during env-key resolution

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-r39h-4c2p-3jxp. This link is maintained to preserve external references. Original Description OpenClaw before 2026.4.23 contains an arbitrary code execution vulnerability in the bundled plugin setup resolver tha...

8.4CVSS6.4AI score0.00144EPSS
Exploits0References5
CVE
CVE
added 2026/05/11 4:46 p.m.35 views

CVE-2026-45004

OpenClaw vulnerable to arbitrary code execution prior to version 2026.4.23. The flaw is in the bundled plugin setup resolver, which loads setup-api.js from process.cwd() during provider setup metadata resolution. An attacker can place a malicious extensions//setup-api.js in a repository and cause...

8.4CVSS6.4AI score0.00144EPSS
Exploits0References3Affected Software1
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.9 views

OpenClaw 代码问题漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.4.23 had code vulnerabilities. These vulnerabilities stemmed from the bundled plugin setup parser, which loaded setup-api.js from process.cwd. This allowed attackers to execute...

8.4CVSS6.1AI score0.00144EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-25454

Malicious code in bioql PyPI...

8.1CVSS6.4AI score0.00199EPSS
Exploits0References5
Rows per page
Query Builder