Lucene search
K

7 matches found

EUVD
EUVD
added 2026/04/24 12:31 a.m.11 views

EUVD-2026-25344

OpenClaw before 2026.4.2 contains an approval integrity vulnerability in pnpm dlx that fails to bind local script operands consistently with pnpm exec flows. Attackers can replace approved local scripts before execution without invalidating the approval plan, allowing execution of modified script...

6.7CVSS6AI score0.00091EPSS
Exploits0References4
NVD
NVD
added 2026/04/23 10:16 p.m.11 views

CVE-2026-41360

OpenClaw before 2026.4.2 contains an approval integrity vulnerability in pnpm dlx that fails to bind local script operands consistently with pnpm exec flows. Attackers can replace approved local scripts before execution without invalidating the approval plan, allowing execution of modified script...

6.7CVSS0.00091EPSS
Exploits0References3
CVE
CVE
added 2026/04/23 9:58 p.m.18 views

CVE-2026-41360

OpenClaw

6.7CVSS6AI score0.00091EPSS
Exploits0References3Affected Software1
CNNVD
CNNVD
added 2026/04/23 12:0 a.m.11 views

OpenClaw 安全漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.4.2 contained security vulnerabilities. These vulnerabilities stemmed from a integrity approval vulnerability present in pnpm dlx. The vulnerability allowed local script operation...

6.7CVSS5.9AI score0.00091EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/23 12:0 a.m.8 views

PT-2026-34791

OpenClaw before 2026.4.2 contains an approval integrity vulnerability in pnpm dlx that fails to bind local script operands consistently with pnpm exec flows. Attackers can replace approved local scripts before execution without invalidating the approval plan, allowing execution of modified script...

6.7CVSS6AI score0.00091EPSS
Exploits0References5
Snyk
Snyk
added 2026/04/07 6:15 p.m.4 views

Incorrect Authorization

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Incorrect Authorization through the approval process for local scripts in pnpm dlx. An attacker can execute unauthorized or modified scripts by replacing an approved local script after...

6.9CVSS5.8AI score0.00091EPSS
Exploits0References2
OSV
OSV
added 2026/04/07 6:15 p.m.2 views

GHSA-W6WX-JQ6J-6MCJ OpenClaw: pnpm dlx approvals did not bind local script operands

Summary Before OpenClaw 2026.4.2, pnpm dlx approval planning did not bind local script operands the same way as related pnpm exec flows. A local script approved through a pnpm dlx path could be replaced before execution without invalidating the approval. Impact An operator could approve a benign...

6.9CVSS6AI score
Exploits0References3
Rows per page
Query Builder