2 matches found
GHSA-27PQ-2PH8-8X25 Duplicate Advisory: Shell positional parameters could weaken strict inline-eval checks
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-5cj2-3jr2-5h77. This link is maintained to preserve external references. Original Description OpenClaw before 2026.4.2 contains an inline-eval bypass vulnerability allowing authenticated operators to weaken stri...
CVE-2026-53855
OpenClaw prior to 2026.4.2 is vulnerable to an inline-eval bypass through shell positional parameters, allowing authenticated operators to weaken strict allowlist checks. Attackers can combine allowlisted tools with shell positional arguments to inject inline-eval content into shell carriers that...