4 matches found

OSV
added 2026/03/21 3:31 a.m., 3 views

GHSA-RJ39-33V7-9XRQ Duplicate Advisory: OpenClaw's shell startup env injection bypasses system.run allowlist intent (RCE class)

Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-xgf2-vxv2-rrmg. This link is maintained to preserve external references. Original Description: OpenClaw versions prior to 2026.2.22 fail to sanitize shell startup environment variables HOME and ZDOTDIR in the...

CVSS: 7.7 | AI score: 6.4 | EPSS: 0.00559
Exploits: 0 | References: 4
CVE
added 2026/03/19 10:6 p.m., 15 views

CVE-2026-32021

OpenClaw versions prior to 2026.2.22 contain an authorization bypass in the Feishu allowFrom allowlist implementation. The vulnerability allows an attacker to bypass checks by setting a display name equal to a whitelisted ID string, instead of enforcing strict ID-only matching, potentially gainin...

CVSS: 6.5 | AI score: 5.8 | EPSS: 0.00205
Exploits: 0 | References: 3 | Affected Software: 1
Github Security Blog
added 2026/03/19 3:30 a.m., 14 views

Duplicate Advisory: OpenClaw's allow-always wrapper persistence could bypass future approvals and enable command execution

Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-6j27-pc5c-m8w8. This link is maintained to preserve external references. Original Description: OpenClaw versions prior to 2026.2.22 contain an authorization bypass vulnerability in allow-always wrapper persistenc...

CVSS: 7.2 | AI score: 6.5 | EPSS: 0.00431
Exploits: 0 | References: 5 | Affected Software: 1
CNNVD
added 2026/03/19 12:0 a.m., 5 views

OpenClaw Operating System Command Injection Vulnerability

OpenClaw is an open-source artificial intelligence assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.2.22 have an operating system command injection vulnerability. This vulnerability stems from the persistence of the allow-always wrapper, which allowed...

CVSS: 7.2 | AI score: 6.2 | EPSS: 0.00431
Exploits: 0 | References: 3