7 matches found
CVE-2026-15193
CVE-2026-15193 affects AidanPark openclaw-android up to 0.4.0. The issue resides in Android WebView Bridge's JsBridge.kt (unknown function) and enables OS command injection via local access. Publicly disclosed exploit details exist, and a fix is awaiting acceptance in a pull request. Remediation ...
CVE-2026-15193
A vulnerability was determined in AidanPark openclaw-android up to 0.4.0. The affected element is an unknown function of the file android/app/src/main/java/com/openclaw/android/JsBridge.kt of the component Android WebView Bridge. This manipulation causes os command injection. The attack can only ...
CVE-2026-15193 AidanPark openclaw-android Android WebView Bridge JsBridge.kt os command injection
A vulnerability was determined in AidanPark openclaw-android up to 0.4.0. The affected element is an unknown function of the file android/app/src/main/java/com/openclaw/android/JsBridge.kt of the component Android WebView Bridge. This manipulation causes os command injection. The attack can only ...
EUVD-2026-42626
A vulnerability was determined in AidanPark openclaw-android up to 0.4.0. The affected element is an unknown function of the file android/app/src/main/java/com/openclaw/android/JsBridge.kt of the component Android WebView Bridge. This manipulation causes os command injection. The attack can only ...
CVE-2026-44698 Home Assistant: Cross-origin iframe access token exfiltration via WebView JS bridge callback injection
Home Assistant is open source home automation software that puts local control and privacy first. Prior to 2026.4.1 for iOS and 2026.4.4 for Android, he Home Assistant Companion apps for Android and iOS expose a JavaScript bridge to the in-app WebView window.externalApp on Android and...
CVE-2026-44698
CVE-2026-44698 affects the Home Assistant Companion apps for Android and iOS, where a JavaScript bridge exposed to in-app WebView could be reached by all frames. The root cause is the bridge exposure along with unsanitized interpolation of the JavaScript callback identifier, allowing a cross-orig...
CVE-2026-44698 Home Assistant: Cross-origin iframe access token exfiltration via WebView JS bridge callback injection
Home Assistant is open source home automation software that puts local control and privacy first. Prior to 2026.4.1 for iOS and 2026.4.4 for Android, he Home Assistant Companion apps for Android and iOS expose a JavaScript bridge to the in-app WebView window.externalApp on Android and...