Lucene search
K

4 matches found

OSV
OSV
added 2026/06/18 1:3 p.m.5 views

GHSA-F397-5VJW-V2C2 OpenClaw: Shell inline-command parsing could miss an allowlist check

Summary Shell inline-command parsing could miss an allowlist check. In affected versions, a command request using shell inline-command forms could route an inline command through a parser case that did not receive the expected allowlist decision. This advisory is scoped to the named feature and...

8.1CVSS5.6AI score0.0026EPSS
Exploits0References4
NVD
NVD
added 2026/06/16 7:17 p.m.10 views

CVE-2026-53866

OpenClaw before 2026.5.12 contains an allowlist bypass vulnerability in shell inline-command parsing that allows authenticated operators to execute unapproved commands. A command request using shell inline-command forms could route through a parser case missing the expected allowlist decision,...

8.1CVSS0.0026EPSS
Exploits0References2
CVE
CVE
added 2026/06/16 6:5 p.m.23 views

CVE-2026-53866

OpenClaw vulnerable before version 2026.5.12 due to an allowlist bypass in shell inline-command parsing. Affected: authenticated operators could cause unapproved commands to execute because a parser case omits the expected allowlist decision. The issue is tied to the shell inline-command handling...

8.1CVSS5.8AI score0.0026EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.12 views

PT-2026-49783

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.5.12 Description An allowlist bypass exists in shell inline-command parsing. A command request using shell inline-command forms can route through a parser case that misses the expected allowlist decision, allowi...

8.1CVSS5.5AI score0.0026EPSS
Exploits0References5
Rows per page
Query Builder