469 matches found
GHSA-8PX5-2GFR-7PH6 Duplicate Advisory: OpenClaw has Windows Lobster shell fallback command injection in constrained fallback path
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-fg3m-vhrr-8gj6. This link is maintained to preserve external references. Original Description OpenClaw versions 2026.1.21 prior to 2026.2.19 contain a command injection vulnerability in the Lobster extension's...
GHSA-5RP4-CWGH-GVWQ Duplicate Advisory: OpenClaw: WebSocket shared-auth connections could self-declare elevated scopes
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-7fcc-cw49-xm78. This link is maintained to preserve external references. Original Description OpenClaw versions prior to 2026.2.19 contain a command injection vulnerability in the Lobster extension tool executio...
CVE-2026-32000
OpenClaw versions prior to 2026.2.19 contain a command injection vulnerability in the Lobster extension tool execution that uses Windows shell fallback with shell: true after spawn failures. Attackers can inject shell metacharacters in command arguments to execute arbitrary commands when subproce...
CVE-2026-31995
OpenClaw versions 2026.1.21 prior to 2026.2.19 contain a command injection vulnerability in the Lobster extension's Windows shell fallback mechanism that allows attackers to inject arbitrary commands through tool-provided arguments. When spawn failures trigger shell fallback with shell: true,...
CVE-2026-31995
OpenClaw versions 2026.1.21 prior to 2026.2.19 contain a command injection vulnerability in the Lobster extension's Windows shell fallback mechanism that allows attackers to inject arbitrary commands through tool-provided arguments. When spawn failures trigger shell fallback with shell: true,...
CVE-2026-32000
OpenClaw Open Source project’s Lobster tool execution path is affected by command injection on Windows due to a shell: true fallback after spawn failures (EINVAL/ENOENT) in affected releases. Affected versions are OpenClaw with Lobster tool up to 2026.2.19; exploitation could allow arbitrary comm...
CVE-2026-32000 OpenClaw < 2026.2.19 - Command Injection via Windows Shell Fallback in Lobster Tool Execution
OpenClaw versions prior to 2026.2.19 contain a command injection vulnerability in the Lobster extension tool execution that uses Windows shell fallback with shell: true after spawn failures. Attackers can inject shell metacharacters in command arguments to execute arbitrary commands when subproce...
CVE-2026-32000
OpenClaw versions prior to 2026.2.19 contain a command injection vulnerability in the Lobster extension tool execution that uses Windows shell fallback with shell: true after spawn failures. Attackers can inject shell metacharacters in command arguments to execute arbitrary commands when subproce...
CVE-2026-32000 OpenClaw < 2026.2.19 - Command Injection via Windows Shell Fallback in Lobster Tool Execution
OpenClaw versions prior to 2026.2.19 contain a command injection vulnerability in the Lobster extension tool execution that uses Windows shell fallback with shell: true after spawn failures. Attackers can inject shell metacharacters in command arguments to execute arbitrary commands when subproce...
CVE-2026-31995 OpenClaw 2026.1.21 < 2026.2.19 - Command Injection via Windows Shell Fallback in Lobster Extension
OpenClaw versions 2026.1.21 prior to 2026.2.19 contain a command injection vulnerability in the Lobster extension's Windows shell fallback mechanism that allows attackers to inject arbitrary commands through tool-provided arguments. When spawn failures trigger shell fallback with shell: true,...
CVE-2026-31995 OpenClaw 2026.1.21 < 2026.2.19 - Command Injection via Windows Shell Fallback in Lobster Extension
OpenClaw versions 2026.1.21 prior to 2026.2.19 contain a command injection vulnerability in the Lobster extension's Windows shell fallback mechanism that allows attackers to inject arbitrary commands through tool-provided arguments. When spawn failures trigger shell fallback with shell: true,...
CVE-2026-31995
OpenClaw versions 2026.1.21 prior to 2026.2.19 contain a command injection vulnerability in the Lobster extension's Windows shell fallback mechanism that allows attackers to inject arbitrary commands through tool-provided arguments. When spawn failures trigger shell fallback with shell: true,...
CVE-2026-31995
OpenClaw is affected: versions 2026.1.21 up to 2026.2.18 include a command injection in the Lobster extension’s Windows shell fallback mechanism. When spawn failures trigger shell: true and arguments are provided by the workflow, cmd.exe command interpretation can be exploited to execute arbitrar...
OpenClaw 操作系统命令注入漏洞
OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.1.21 to 2026.2.19 had a vulnerability related to operating system command injection. This vulnerability stemmed from issues with the Windows shell backtracking mechanism implement...
OpenClaw 操作系统命令注入漏洞
OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.2.19 had a vulnerability related to operating system command injection. This vulnerability stemmed from issues with the Windows shell backtracking mechanism used in the Lobster...
EUVD-2026-10656
Exposure of sensitive information to an unauthorized actor in Windows Shell Link Processing allows an unauthorized attacker to perform spoofing over a network...
CVE-2026-25185 Windows Shell Link Processing Spoofing Vulnerability
...
CVE-2026-25185
Exposure of sensitive information to an unauthorized actor in Windows Shell Link Processing allows an unauthorized attacker to perform spoofing over a network...
Windows Shell Link Processing Spoofing Vulnerability
Exposure of sensitive information to an unauthorized actor in Windows Shell Link Processing allows an unauthorized attacker to perform spoofing over a network...
Microsoft Windows Shell 信息泄露漏洞
Microsoft Windows Shell is the graphical user interface of the Windows operating system developed by Microsoft. Key features of the Windows Shell include the desktop, taskbar, start menu, task switcher, and auto-play functions. In some versions of Windows, features like Flip 3D and Charm are also...