CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

EUVD•added 2026/05/05 11:25 a.m.•3 views

EUVD-2026-27271

Cvelist•added 2026/05/05 11:25 a.m.•26 views

CVE-2026-43530 OpenClaw 2026.2.23 < 2026.4.12 - Weakened Exec Approval Binding via busybox and toybox Applet Execution

8.8CVSS0.0006EPSS

ATTACKERKB•added 2026/05/05 11:25 a.m.•1 views

CVE-2026-43530

Exploits0References4Affected Software1

CVE•added 2026/05/05 11:25 a.m.•2 views

CVE-2026-43530

OpenClaw 2026.2.23 before 2026.4.12 is affected by a weakened exec approval binding vulnerability in busybox and toybox applet execution. The issue allows an attacker to obscure which applet would run by exploiting opaque multi-call binaries to bypass exec-approval mechanisms and degrade risk ass...

Exploits0References3Affected Software1

Vulnrichment•added 2026/05/05 11:25 a.m.•1 views

CVE-2026-43530 OpenClaw 2026.2.23 < 2026.4.12 - Weakened Exec Approval Binding via busybox and toybox Applet Execution

CNNVD•added 2026/05/05 12:0 a.m.•3 views

OpenClaw 安全漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Version 2026.2.23 to 2026.4.12 of OpenClaw contained security vulnerabilities. These vulnerabilities stemmed from weakened exec approval binding during the execution of busybox and toybox mini-programs. This could...

Github Security Blog•added 2026/04/17 10:16 p.m.•4 views

Exploits0References1

OpenClaw: busybox and toybox applet execution weakened exec approval binding

Summary busybox and toybox applet execution weakened exec approval binding. Affected Packages / Versions - Package: openclaw - Ecosystem: npm - Affected versions: = 2026.2.23 = 2026.4.12 Impact Opaque multi-call binaries such as busybox and toybox could obscure which applet or script-like behavio...

Exploits0References6Affected Software1

OSV•added 2026/04/17 10:16 p.m.•0 views

GHSA-2CQ5-MF3V-MX44 OpenClaw: busybox and toybox applet execution weakened exec approval binding

Positive Technologies•added 2026/04/17 12:0 a.m.•4 views

Exploits0References6

PT-2026-37015

Name of the Vulnerable Software and Affected Versions OpenClaw versions 2026.2.23 through 2026.4.11 Description An issue exists in the execution of busybox and toybox applets where weakened exec approval binding allows attackers to obscure which applet is actually running. By exploiting opaque...

RedhatCVE•added 2026/03/26 2:57 p.m.•1 views

Exploits0References7

CVE-2026-22175

OpenClaw versions prior to 2026.2.23 contain an exec approval bypass vulnerability in allowlist mode where allow-always grants could be circumvented through unrecognized multiplexer shell wrappers like busybox and toybox sh -c commands. Attackers can exploit this by invoking arbitrary payloads...

OSV•added 2026/03/18 2:16 a.m.•0 views

Exploits0References1

CVE-2026-22175

7.1CVSS6.2AI score

NVD•added 2026/03/18 2:16 a.m.•0 views

CVE-2026-22175

7.1CVSS0.00036EPSS

EUVD•added 2026/03/18 1:34 a.m.•0 views

EUVD-2026-12718

Cvelist•added 2026/03/18 1:34 a.m.•25 views

CVE-2026-22175 OpenClaw < 2026.2.23 - Exec Approval Bypass via Unrecognized Multiplexer Shell Wrappers

7.1CVSS0.00036EPSS

ATTACKERKB•added 2026/03/18 1:34 a.m.•1 views

CVE-2026-22175

OSV•added 2026/03/02 10:30 p.m.•2 views

Exploits0References4

GHSA-GWQP-86Q6-W47G OpenClaw's exec allow-always can be bypassed via unrecognized multiplexer shell wrappers (busybox/toybox sh -c)

Summary OpenClaw exec approvals could be bypassed in allowlist mode when allow-always was granted through unrecognized multiplexer shell wrappers notably busybox sh -c and toybox sh -c. Affected Packages / Versions - Package: openclaw npm - Affected: = 2026.2.22-2 - Latest published vulnerable...

6.9CVSS6AI score0.00036EPSS

Github Security Blog•added 2026/03/02 10:30 p.m.•5 views

OpenClaw's exec allow-always can be bypassed via unrecognized multiplexer shell wrappers (busybox/toybox sh -c)

Exploits0References3Affected Software1

Positive Technologies•added 2026/03/02 12:0 a.m.•1 views

PT-2026-26007