5 matches found
Duplicate Advisory: OpenClaw vulnerable to arbitrary code execution via attacker-controlled setup-api.js loaded from cwd during env-key resolution
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-r39h-4c2p-3jxp. This link is maintained to preserve external references. Original Description OpenClaw before 2026.4.23 contains an arbitrary code execution vulnerability in the bundled plugin setup resolver tha...
GHSA-XPR6-2HGM-4WWP Duplicate Advisory: OpenClaw vulnerable to arbitrary code execution via attacker-controlled setup-api.js loaded from cwd during env-key resolution
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-r39h-4c2p-3jxp. This link is maintained to preserve external references. Original Description OpenClaw before 2026.4.23 contains an arbitrary code execution vulnerability in the bundled plugin setup resolver tha...
CVE-2026-45004
OpenClaw vulnerable to arbitrary code execution prior to version 2026.4.23. The flaw is in the bundled plugin setup resolver, which loads setup-api.js from process.cwd() during provider setup metadata resolution. An attacker can place a malicious extensions//setup-api.js in a repository and cause...
OpenClaw 代码问题漏洞
OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.4.23 had code vulnerabilities. These vulnerabilities stemmed from the bundled plugin setup parser, which loaded setup-api.js from process.cwd. This allowed attackers to execute...
EUVD-2025-25454
Malicious code in bioql PyPI...