Lucene search
K

49 matches found

OSV
OSV
added 2026/07/02 3:57 p.m.7 views

GHSA-2J8V-HWGC-X698 OpenClaw: Shell wrapper argv could change between approval and execution

Summary Shell wrapper argv could change between approval and execution. In affected versions, a command request using a shell wrapper form could approve one resolved argv shape and rebuild another for execution. This advisory is scoped to the named feature and configuration. It does not change...

8.7CVSS6AI score0.00982EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/24 1:20 p.m.6 views

CVE-2026-57282

Jenkins Git client Plugin 6.6.0 and earlier does not correctly escape the workspace directory name when it is embedded into a generated SSH wrapper script, allowing attackers able to control the name of a build's working directory to execute arbitrary operating system commands on the agent...

5CVSS6.2AI score0.00207EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/13 12:34 a.m.14 views

EUVD-2026-36610

OpenClaw before 2026.5.18 contains a command injection vulnerability where shell wrapper argv could change between approval and execution. Attackers can rebuild command arguments after allowlist approval to execute unapproved command shapes, potentially bypassing security controls...

8.8CVSS5.5AI score0.00982EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/12 9:56 p.m.8 views

CVE-2026-53822 OpenClaw < 2026.5.18 - Command Argument Modification via Shell Wrapper Between Approval and Execution

OpenClaw before 2026.5.18 contains a command injection vulnerability where shell wrapper argv could change between approval and execution. Attackers can rebuild command arguments after allowlist approval to execute unapproved command shapes, potentially bypassing security controls...

8.8CVSS5.5AI score0.00982EPSS
Exploits0References2
OSV
OSV
added 2026/06/12 9:56 p.m.4 views

CVE-2026-53822 OpenClaw < 2026.5.18 - Command Argument Modification via Shell Wrapper Between Approval and Execution

OpenClaw before 2026.5.18 contains a command injection vulnerability where shell wrapper argv could change between approval and execution. Attackers can rebuild command arguments after allowlist approval to execute unapproved command shapes, potentially bypassing security controls...

8.7CVSS6.1AI score0.00982EPSS
Exploits0References5
CVE
CVE
added 2026/06/12 9:56 p.m.41 views

CVE-2026-53822

OpenClaw before 2026.5.18 contains a command injection vulnerability in which the shell wrapper argv can change between approval and execution. This allows an attacker to rebuild command arguments after allowlist approval to execute unapproved command shapes, potentially bypassing security contro...

8.8CVSS5.6AI score0.00982EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/06/12 9:56 p.m.32 views

CVE-2026-53822 OpenClaw < 2026.5.18 - Command Argument Modification via Shell Wrapper Between Approval and Execution

OpenClaw before 2026.5.18 contains a command injection vulnerability where shell wrapper argv could change between approval and execution. Attackers can rebuild command arguments after allowlist approval to execute unapproved command shapes, potentially bypassing security controls...

8.8CVSS0.00982EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.16 views

PT-2026-49026

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.5.18 Description Command injection occurs because the shell wrapper argv can be modified between the approval and execution phases. This allows attackers to rebuild command arguments after they have passed...

8.8CVSS6AI score0.00982EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/05/12 4:22 p.m.49 views

CVE-2026-43990 JunoClaw: plugin-shell shell-metacharacter injection via shell wrapper

JunoClaw is an agentic AI platform built on Juno Network. Prior to 0.x.y-security-1, plugin-shell's runcommand wrapped every agent-supplied command in 'sh -c' / 'cmd /C' and passed the full argument string to the shell's parser, allowing shell metacharacters in agent-supplied arguments to be...

8.4CVSS0.00151EPSS
Exploits0References3
CVE
CVE
added 2026/05/12 4:22 p.m.23 views

CVE-2026-43990

CVE-2026-43990 affects JunoClaw’s plugin-shell component. Before 0.x.y-security-1, run_command wrapped agent-supplied commands in sh -c / cmd /C and passed the full argument string to the shell parser, enabling shell metacharacters in arguments to be interpreted as command syntax. This is fixed i...

8.4CVSS5.8AI score0.00151EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/05/12 4:22 p.m.10 views

CVE-2026-43990 JunoClaw: plugin-shell shell-metacharacter injection via shell wrapper

JunoClaw is an agentic AI platform built on Juno Network. Prior to 0.x.y-security-1, plugin-shell's runcommand wrapped every agent-supplied command in 'sh -c' / 'cmd /C' and passed the full argument string to the shell's parser, allowing shell metacharacters in agent-supplied arguments to be...

8.4CVSS5.8AI score0.00151EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/05/06 2:21 p.m.9 views

CVE-2026-42435

OpenClaw versions from 2026.2.22 before 2026.4.12 contain an insufficient shell-wrapper detection vulnerability allowing attackers to inject environment variable assignments at the argv level. Attackers can bypass exec preflight handling to manipulate high-risk shell variables like SHELLOPTS and...

8.8CVSS5.9AI score0.00407EPSS
Exploits0References1
NVD
NVD
added 2026/05/05 12:16 p.m.51 views

CVE-2026-42435

OpenClaw versions from 2026.2.22 before 2026.4.12 contain an insufficient shell-wrapper detection vulnerability allowing attackers to inject environment variable assignments at the argv level. Attackers can bypass exec preflight handling to manipulate high-risk shell variables like SHELLOPTS and...

8.8CVSS0.00407EPSS
Exploits0References3
CVE
CVE
added 2026/05/05 11:24 a.m.19 views

CVE-2026-42435

OpenClaw 2026.2.22 through before 2026.4.12 contains an insufficient shell-wrapper detection vulnerability that lets an attacker inject environment variable assignments at the argv level. By bypassing exec preflight handling, an attacker can manipulate high-risk shell variables such as SHELLOPTS ...

8.8CVSS5.9AI score0.00407EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/05 11:24 a.m.7 views

EUVD-2026-27253

OpenClaw versions from 2026.2.22 before 2026.4.12 contain an insufficient shell-wrapper detection vulnerability allowing attackers to inject environment variable assignments at the argv level. Attackers can bypass exec preflight handling to manipulate high-risk shell variables like SHELLOPTS and...

8.8CVSS5.9AI score0.00407EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/05 11:24 a.m.72 views

CVE-2026-42435 OpenClaw 2026.2.22 < 2026.4.12 - Shell-Wrapper Detection Bypass via Environment Variable Assignment Injection

OpenClaw versions from 2026.2.22 before 2026.4.12 contain an insufficient shell-wrapper detection vulnerability allowing attackers to inject environment variable assignments at the argv level. Attackers can bypass exec preflight handling to manipulate high-risk shell variables like SHELLOPTS and...

8.8CVSS0.00407EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/05 12:0 a.m.14 views

OpenClaw 安全漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw from 2026.2.22 to 2026.4.12 contained security vulnerabilities. These vulnerabilities were due to insufficient detection by the shell wrapper, allowing attackers to inject environment variable...

8.8CVSS5.8AI score0.00407EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/04/17 9:53 p.m.11 views

OpenClaw: Shell-wrapper detection missed env-argv assignment injection forms

Summary Shell-wrapper detection missed env-argv assignment injection forms. Affected Packages / Versions - Package: openclaw - Ecosystem: npm - Affected versions: = 2026.2.22 = 2026.4.12 Impact Exec preflight handling missed shell-wrapper and argv-level environment assignment forms that could...

8.8CVSS5.9AI score0.00407EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/04/17 9:53 p.m.9 views

GHSA-J6C7-3H5X-99G9 OpenClaw: Shell-wrapper detection missed env-argv assignment injection forms

Summary Shell-wrapper detection missed env-argv assignment injection forms. Affected Packages / Versions - Package: openclaw - Ecosystem: npm - Affected versions: = 2026.2.22 = 2026.4.12 Impact Exec preflight handling missed shell-wrapper and argv-level environment assignment forms that could...

6.3CVSS5.9AI score0.00407EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/03/26 3:10 p.m.5 views

CVE-2026-32052

OpenClaw versions prior to 2026.2.24 contain a command injection vulnerability in the system.run shell-wrapper that allows attackers to execute hidden commands by injecting positional argv carriers after inline shell payloads. Attackers can craft misleading approval text while executing arbitrary...

9.8CVSS6.1AI score0.00911EPSS
Exploits0References1
Rows per page
Query Builder