Lucene search
K

167 matches found

Vulnrichment
Vulnrichment
added 2026/05/05 11:24 a.m.6 views

CVE-2026-42435 OpenClaw 2026.2.22 < 2026.4.12 - Shell-Wrapper Detection Bypass via Environment Variable Assignment Injection

OpenClaw versions from 2026.2.22 before 2026.4.12 contain an insufficient shell-wrapper detection vulnerability allowing attackers to inject environment variable assignments at the argv level. Attackers can bypass exec preflight handling to manipulate high-risk shell variables like SHELLOPTS and...

8.8CVSS5.9AI score0.00407EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/05 11:24 a.m.70 views

CVE-2026-42435 OpenClaw 2026.2.22 < 2026.4.12 - Shell-Wrapper Detection Bypass via Environment Variable Assignment Injection

OpenClaw versions from 2026.2.22 before 2026.4.12 contain an insufficient shell-wrapper detection vulnerability allowing attackers to inject environment variable assignments at the argv level. Attackers can bypass exec preflight handling to manipulate high-risk shell variables like SHELLOPTS and...

8.8CVSS0.00407EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/05 12:0 a.m.14 views

OpenClaw 安全漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw from 2026.2.22 to 2026.4.12 contained security vulnerabilities. These vulnerabilities were due to insufficient detection by the shell wrapper, allowing attackers to inject environment variable...

8.8CVSS5.8AI score0.00407EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/05 12:0 a.m.17 views

OpenClaw 安全漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.4.9 contained security vulnerabilities. These vulnerabilities were caused by environmental variable injection, allowing malicious workarea.env files to set runtime control...

8.8CVSS5.8AI score0.00203EPSS
Exploits0References1
Exploit DB
Exploit DB
added 2026/04/29 12:0 a.m.87 views

GNU InetUtils 2.6 - Telnetd Remote Privilege Escalation

Exploit Title: GNU InetUtils telnetd - Remote Privilege Escalation Date: 2026-01-24 Exploit Author: Ali Guliyev infat0x Author GitHub: https://github.com/infat0x Vendor Homepage: https://www.gnu.org/software/inetutils/ Software Link: https://ftp.gnu.org/gnu/inetutils/ Version: GNU InetUtils 2.0...

9.8CVSS8.9AI score0.98871EPSS
Exploits60
NVD
NVD
added 2026/04/28 7:37 p.m.6 views

CVE-2026-41384

OpenClaw before 2026.3.24 contains an environment variable injection vulnerability in the CLI backend runner that allows attackers to inject malicious environment variables through workspace configuration. Attackers can craft malicious workspace configs to inject arbitrary environment variables...

8.5CVSS0.00143EPSS
Exploits0References3
CVE
CVE
added 2026/04/28 6:10 p.m.16 views

CVE-2026-42427

OpenClaw is affected (pre-2026.4.8). The vulnerability arises from missing denylist entries for HGRCPATH, CARGO_BUILD_RUSTC_WRAPPER, RUSTC_WRAPPER, and MAKEFLAGS in the build environment, enabling attackers to inject hostile environment variables that influence host exec commands and achieve remo...

5.8CVSS6.7AI score0.00188EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/04/28 6:10 p.m.32 views

CVE-2026-42427 OpenClaw < 2026.4.8 - Remote Code Execution via Build Tool Environment Variable Injection

OpenClaw before 2026.4.8 contains a remote code execution vulnerability caused by missing environment variable denylist entries for HGRCPATH, CARGOBUILDRUSTCWRAPPER, RUSTCWRAPPER, and MAKEFLAGS. Attackers can inject malicious build tool environment variables to influence host exec commands and...

5.8CVSS0.00188EPSS
Exploits0References3
CVE
CVE
added 2026/04/28 6:10 p.m.16 views

CVE-2026-41915

CVE-2026-41915 affects OpenClaw prior to 2026.4.8. The vulnerability arises from failing to remove git plumbing environment variables (e.g., GIT_DIR) from the execution environment before host exec operations, allowing an attacker to set these vars to redirect git operations and potentially compr...

6.1CVSS5.5AI score0.00115EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/28 6:10 p.m.4 views

CVE-2026-41915 OpenClaw < 2026.4.8 - Git Environment Variable Injection via Unfiltered Exec Environment

OpenClaw before 2026.4.8 fails to remove git plumbing environment variables from the execution environment before host exec operations. Attackers can exploit this by setting GITDIR and related variables to redirect git operations and compromise repository integrity...

5.8CVSS5.5AI score0.00115EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/04/28 6:9 p.m.31 views

CVE-2026-41384 OpenClaw < 2026.3.24 - Environment Variable Injection via Workspace Config in CLI Backend

OpenClaw before 2026.3.24 contains an environment variable injection vulnerability in the CLI backend runner that allows attackers to inject malicious environment variables through workspace configuration. Attackers can craft malicious workspace configs to inject arbitrary environment variables...

8.5CVSS0.00143EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/04/28 6:9 p.m.3 views

CVE-2026-41384

OpenClaw before 2026.3.24 contains an environment variable injection vulnerability in the CLI backend runner that allows attackers to inject malicious environment variables through workspace configuration. Attackers can craft malicious workspace configs to inject arbitrary environment variables...

8.5CVSS7.1AI score0.00143EPSS
Exploits0References4
CVE
CVE
added 2026/04/28 6:9 p.m.13 views

CVE-2026-41384

OpenClaw prior to 2026.3.24 contains an environment variable injection vulnerability in the CLI backend runner that allows malicious workspace configs to inject environment variables into the spawned backend process, enabling code execution or sensitive data exposure. Affected package: openclaw (...

8.5CVSS7.2AI score0.00143EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/28 6:9 p.m.2 views

CVE-2026-41384 OpenClaw < 2026.3.24 - Environment Variable Injection via Workspace Config in CLI Backend

OpenClaw before 2026.3.24 contains an environment variable injection vulnerability in the CLI backend runner that allows attackers to inject malicious environment variables through workspace configuration. Attackers can craft malicious workspace configs to inject arbitrary environment variables...

8.5CVSS7.1AI score0.00143EPSS
Exploits0References3
EUVD
EUVD
added 2026/04/28 6:9 p.m.9 views

EUVD-2026-26093

OpenClaw before 2026.3.24 contains an environment variable injection vulnerability in the CLI backend runner that allows attackers to inject malicious environment variables through workspace configuration. Attackers can craft malicious workspace configs to inject arbitrary environment variables...

8.5CVSS7.1AI score0.00143EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/04/28 12:0 a.m.11 views

OpenClaw 安全漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.3.24 contained security vulnerabilities. These vulnerabilities stemmed from an environment variable injection vulnerability in the CLI backend runner, allowing attackers to inject...

8.5CVSS6.8AI score0.00143EPSS
Exploits0References1
NVD
NVD
added 2026/04/21 12:16 a.m.7 views

CVE-2026-41294

OpenClaw before 2026.3.28 loads the current working directory .env file before trusted state-dir configuration, allowing environment variable injection. Attackers can place a malicious .env file in a repository or workspace to override runtime configuration and security-sensitive environment...

8.6CVSS0.0013EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/04/21 12:0 a.m.9 views

OpenClaw 安全漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.3.28 contained security vulnerabilities. These vulnerabilities stemmed from loading the current working directory’s .env file before configuring the trusted state directory, which...

8.6CVSS5.8AI score0.0013EPSS
Exploits0References1
CVE
CVE
added 2026/04/20 11:8 p.m.15 views

CVE-2026-41294

OpenClaw is affected by CVE-2026-41294: versions before 2026.3.28 load the current working directory’s .env file during startup before trusted state-dir configuration, allowing environment variable injection that can override runtime configuration and security-sensitive environment settings. The ...

8.6CVSS5.8AI score0.0013EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/20 11:8 p.m.5 views

CVE-2026-41294 OpenClaw < 2026.3.28 - Environment Variable Injection via CWD .env File

OpenClaw before 2026.3.28 loads the current working directory .env file before trusted state-dir configuration, allowing environment variable injection. Attackers can place a malicious .env file in a repository or workspace to override runtime configuration and security-sensitive environment...

8.6CVSS5.8AI score0.0013EPSS
Exploits0References2
Rows per page
Query Builder