9 matches found
Missing Authorization
Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Missing Authorization via the shell inline-command parsing process. An attacker can execute unauthorized shell commands by crafting command requests that bypass the intended allowlist...
PT-2026-49783
Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.5.12 Description An allowlist bypass exists in shell inline-command parsing. A command request using shell inline-command forms can route through a parser case that misses the expected allowlist decision, allowi...
OpenClaw 安全漏洞
OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.5.12 contained security vulnerabilities. These vulnerabilities stemmed from shell option parsing; combining POSIX shell flags could bypass the exec revalidation check. Attackers c...
Claude Code 跨站脚本漏洞
Claude Code is an open-source proxy encoding tool developed by Anthropic. Versions of Claude Code prior to 2.0.74 contained a cross-site scripting vulnerability. This vulnerability stemmed from a Bash command validation flaw during the parsing of ZSH “clobber” syntax, which could allow bypassing...
CVE-2025-66032
Claude Code is an agentic coding tool. Prior to 1.0.93, Due to errors in parsing shell commands related to $IFS and short CLI flags, it was possible to bypass the Claude Code read-only validation and trigger arbitrary code execution. Reliably exploiting this requires the ability to add untrusted...
GHSA-XQ4M-MC3C-VVG3 Claude Code Command Validation Bypass Allows Arbitrary Code Execution
Due to errors in parsing shell commands related to $IFS and short CLI flags, it was possible to bypass the Claude Code read-only validation and trigger arbitrary code execution. Reliably exploiting this requires the ability to add untrusted content into a Claude Code context window. Users on...
Claude Code Command Validation Bypass Allows Arbitrary Code Execution
Due to errors in parsing shell commands related to $IFS and short CLI flags, it was possible to bypass the Claude Code read-only validation and trigger arbitrary code execution. Reliably exploiting this requires the ability to add untrusted content into a Claude Code context window. Users on...
Linux Malware Delivered via Malicious RAR Filenames Evades Antivirus Detection
Cybersecurity researchers have shed light on a novel attack chain that employs phishing emails to deliver an open-source backdoor called VShell. The "Linux-specific malware infection chain that starts with a spam email with a malicious RAR archive file," Trellix researcher Sagar Bade said in a...
Busybox 安全漏洞
A security vulnerability exists in the Busybox hush applet, which stems from the shell's incorrect handling of the &&&& string in the Busybox hush applet, which was developed by Denis Vlasenko, a Ukrainian developer. An attacker could exploit this vulnerability to cause a denial of service and...