
9 matches found

OSV
added 2026/03/19 3:30 a.m. | 4 views

GHSA-5GQG-MQH5-2V39 Duplicate Advisory: OpenClaw Windows Scheduled Task script generation allowed local command injection via unsafe cmd argument handling

Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-mqr9-vqhq-3jxw. This link is maintained to preserve external references. Original Description: OpenClaw versions prior to 2026.2.19 contain a local command injection vulnerability in Windows scheduled task script...

CVSS 7.1 | AI score 6 | EPSS 0.00053
Exploits: 0 | References: 5
Vulnrichment
added 2026/03/19 1:0 a.m. | 2 views

CVE-2026-31994 OpenClaw < 2026.2.19 - Local Command Injection via Unsafe cmd Argument Handling in Windows Scheduled Task Script Generation

OpenClaw versions prior to 2026.2.19 contain a local command injection vulnerability in Windows scheduled task script generation due to unsafe handling of cmd metacharacters and expansion-sensitive characters in gateway.cmd files. Local attackers with control over service script generation...

CVSS 7.1 | AI score 6.1 | EPSS 0.00053
Exploits: 0 | References: 3
CNNVD
added 2026/03/19 12:0 a.m. | 7 views

OpenClaw operating system command injection vulnerability

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.2.19 had a vulnerability related to operating system command injection. This vulnerability stemmed from unsafe handling of the cmd metacharacters and extended sensitive characters...

CVSS 7.8 | AI score 5.8 | EPSS 0.00053
Exploits: 0 | References: 3
BDU FSTEC
added 2024/09/09 12:0 a.m. | 1 views

A vulnerability in the D-Link DIR-846W router firmware stems from the lack of measures to neutralize special elements used in operating system commands. This allows attackers to execute arbitrary code.

The vulnerability in the D-Link DIR-846W router firmware is related to the lack of measures taken to neutralize the special elements used in operating system commands. Exploiting this vulnerability allows a malicious actor to execute arbitrary code through the...

CVSS 10 | AI score 6 | EPSS 0.01663
Exploits: 0 | References: 4
BDU FSTEC
added 2024/04/19 12:0 a.m. | 1 views

The vulnerability of the svc_cifssupport utility in the Dell Unity Operating Environment (OE) system allows a malicious actor to execute arbitrary operating system commands with root privileges.

The vulnerability of the svc_cifssupport utility in the Dell Unity Operating Environment (OE) system exists due to the lack of measures taken to neutralize special elements used in operating system commands. Exploiting this vulnerability allows an attacker to...

CVSS 7.8 | AI score 7.5 | EPSS 0.00304
Exploits: 0 | References: 2 | Affected Software: 1
BDU FSTEC
added 2023/12/25 12:0 a.m. | 1 views

A vulnerability in the flupl function of the D-Link G416 router firmware allows an attacker to execute arbitrary code.

The vulnerability in the flupl function of the D-Link G416 router firmware is related to the failure to take measures to neutralize special elements used in operating system commands. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by...

CVSS 8.8 | AI score 8.1 | EPSS 0.02451
Exploits: 0 | References: 4 | Affected Software: 1
CNNVD
added 2022/06/28 12:0 a.m. | 3 views

Advantech iView command injection vulnerability

Advantech iView is Simple Network Management Protocol (SNMP) based software from Advantech, China, for managing B+B SmartWorx devices. Versions prior to Advantech iView 5.7.04.6469 are vulnerable to command injection, which stems from the use of a special element in a command that is not...

CVSS 9.8 | AI score 6.2 | EPSS 0.58306
Exploits: 4 | References: 7
CNNVD
added 2022/01/14 12:0 a.m. | 3 views

Dolibarr SQL injection vulnerability

Dolibarr is a modern software package that helps manage an organization's activities. A security vulnerability exists in Dolibarr that stems from improper neutralization of special elements used in SQL commands...

CVSS 9.8 | AI score 7.8 | EPSS 0.00515
Exploits: 1 | References: 3
BDU FSTEC
added 2020/03/20 12:0 a.m. | 1 views

A vulnerability in the SERVER_ID component of the D-Link DIR-859 router firmware exists due to the lack of measures taken to neutralize special elements used in operating system commands. This vulnerability allows an attacker to execute arbitrary commands.

The vulnerability in the SERVER_ID component of the D-Link DIR-859 router firmware exists due to the lack of measures taken to neutralize the special elements used in operating system commands. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...

CVSS 10 | AI score 8.1 | EPSS 0.05786
Exploits: 0 | References: 5 | Affected Software: 1