Lucene search

12 matches found

OSV
added 2026/03/21 3:31 a.m. | 0 views

GHSA-W6F4-3V35-QJHJ Duplicate Advisory: OpenClaw's system.run shell-wrapper positional argv carriers could execute hidden commands under misleading approval text

Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-6rcp-vxwf-3mfp. This link is maintained to preserve external references. Original Description: OpenClaw versions prior to 2026.2.24 contain a command injection vulnerability in the system.run shell-wrapper that...

CVSS 6.4 | AI score 6 | EPSS 0.00099
Exploits: 0 | References: 5

CVE
added 2026/03/21 12:42 a.m. | 8 views

CVE-2026-32052

OpenClaw versions prior to 2026.2.24 are affected by a command injection in the system.run shell-wrapper. The attack vector involves injecting trailing positional argv carriers after inline shell payloads, enabling execution of hidden commands while a misleading approval text is displayed...

CVSS 9.8 | AI score 6.1 | EPSS 0.00099
Exploits: 0 | References: 4 | Affected Software: 1

Cvelist
added 2026/03/21 12:42 a.m. | 22 views

CVE-2026-32052 OpenClaw < 2026.2.24 - Hidden Command Execution via Shell-Wrapper Positional argv Carriers

OpenClaw versions prior to 2026.2.24 contain a command injection vulnerability in the system.run shell-wrapper that allows attackers to execute hidden commands by injecting positional argv carriers after inline shell payloads. Attackers can craft misleading approval text while executing arbitrary...

CVSS 6.4 | EPSS 0.00099
Exploits: 0 | References: 4

Vulnrichment
added 2026/03/21 12:42 a.m. | 1 views

CVE-2026-32052 OpenClaw < 2026.2.24 - Hidden Command Execution via Shell-Wrapper Positional argv Carriers

OpenClaw versions prior to 2026.2.24 contain a command injection vulnerability in the system.run shell-wrapper that allows attackers to execute hidden commands by injecting positional argv carriers after inline shell payloads. Attackers can craft misleading approval text while executing arbitrary...

CVSS 6.4 | AI score 6.1 | EPSS 0.00099
Exploits: 0 | References: 4

SUSE CVE
added 2025/04/13 1:45 a.m. | 2 views

SUSE CVE-2014-1929

python-gnupg 0.3.5 and 0.3.6 allows context-dependent attackers to have an unspecified impact via vectors related to "option injection through positional arguments." NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-7323...

CVSS 4.4 | AI score 7.5 | EPSS 0.00063
Exploits: 1 | References: 3

Fedora
added 2023/09/21 1:33 a.m. | 17 views

[SECURITY] Fedora 38 Update: golang-gopkg-alecthomas-kingpin-2-2.3.2-1.fc38

Kingpin is a fluent-style, type-safe command-line parser. It supports flags, nested commands, and positional arguments...

CVSS 8.8 | AI score 7.5 | EPSS 0.00185
Exploits: 1

Fedora
added 2023/09/21 1:22 a.m. | 30 views

[SECURITY] Fedora 37 Update: golang-gopkg-alecthomas-kingpin-2-2.3.2-1.fc37

Kingpin is a fluent-style, type-safe command-line parser. It supports flags, nested commands, and positional arguments...

CVSS 8.8 | AI score 7.5 | EPSS 0.00185
Exploits: 1

Fedora
added 2023/09/20 12:20 a.m. | 26 views

[SECURITY] Fedora 39 Update: golang-gopkg-alecthomas-kingpin-2-2.3.2-1.fc39

Kingpin is a fluent-style, type-safe command-line parser. It supports flags, nested commands, and positional arguments...

CVSS 8.8 | AI score 7.5 | EPSS 0.00185
Exploits: 1

PyPA
added 2014/10/25 9:55 p.m. | 4 views

PYSEC-2014-92

python-gnupg 0.3.5 and 0.3.6 allows context-dependent attackers to have an unspecified impact via vectors related to "option injection through positional arguments." NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-7323...

CVSS 7.5 | AI score 7.5 | EPSS 0.01162
Exploits: 2 | References: 5 | Affected Software: 1

OSV
added 2014/10/25 9:55 p.m. | 22 views

PYSEC-2014-92

python-gnupg 0.3.5 and 0.3.6 allows context-dependent attackers to have an unspecified impact via vectors related to "option injection through positional arguments." NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-7323...

CVSS 4.4 | AI score 6.8 | EPSS 0.00063
Exploits: 1 | References: 5

OSV
added 2014/10/25 9:55 p.m. | 0 views

UBUNTU-CVE-2014-1929

python-gnupg 0.3.5 and 0.3.6 allows context-dependent attackers to have an unspecified impact via vectors related to "option injection through positional arguments." NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-7323...

CVSS 4.4 | AI score 5.8 | EPSS 0.00063
Exploits: 1 | References: 4

OpenVAS
added 2012/10/03 12:0 a.m. | 25 views

Ubuntu: Security Advisory (USN-1589-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 6.8 | AI score 7 | EPSS 0.00869
Exploits: 1 | References: 2