2127 matches found
CVE-2026-28455
Rejected reason: This CVE ID has been rejected...
CVE-2026-32912
...
CVE-2026-32912
OpenClaw 2016.2.26 exposes a local a vulnerability in Windows wrapper resolution for .cmd/.bat files, where current working directory manipulation can change wrapper resolution and lead to command execution integrity loss. Affected: OpenClaw versions prior to 2026.3.1. Root cause: current working...
CVE-2026-32900
...
CVE-2026-32900
OpenClaw CVE-2026-32900 affects versions prior to 2026.2.22. The vulnerability is an authorization bypass in allowlist mode due to allow-always persistence at the wrapper level, enabling approval-bypass execution of different payloads. This allows attackers to approve benign wrapped system.run co...
CVE-2026-28455
OpenClaw vulnerable before 2026.2.22 due to an allowlist bypass in system.run exec analysis. The flaw allows attackers to route execution through wrapper binaries (e.g., env, bash) and bypass intended allowlist restrictions by failing to unwrap env and shell-dispatch wrapper chains. Affected prod...
CVE-2026-28455
...
CVE-2026-27183 OpenClaw < 2026.3.7 - Shell Approval Gating Bypass via Dispatch Wrapper Depth Mismatch
OpenClaw versions prior to 2026.3.7 contain a shell approval gating bypass vulnerability in system.run dispatch-wrapper handling that allows attackers to skip shell wrapper approval requirements. The approval classifier and execution planner apply different depth-boundary rules, permitting exactl...
CVE-2026-27183
OpenClaw versions prior to 2026.3.7 contain a shell approval gating bypass vulnerability in system.run dispatch-wrapper handling that allows attackers to skip shell wrapper approval requirements. The approval classifier and execution planner apply different depth-boundary rules, permitting exactl...
EUVD-2026-14555
OpenClaw versions prior to 2026.3.7 contain a shell approval gating bypass vulnerability in system.run dispatch-wrapper handling that allows attackers to skip shell wrapper approval requirements. The approval classifier and execution planner apply different depth-boundary rules, permitting exactl...
CVE-2026-27183 OpenClaw < 2026.3.7 - Shell Approval Gating Bypass via Dispatch Wrapper Depth Mismatch
OpenClaw versions prior to 2026.3.7 contain a shell approval gating bypass vulnerability in system.run dispatch-wrapper handling that allows attackers to skip shell wrapper approval requirements. The approval classifier and execution planner apply different depth-boundary rules, permitting exactl...
PT-2026-27234
OpenClaw before 2026.2.22 contains an authorization bypass vulnerability in allowlist mode where allow-always persistence at wrapper-level enables approval-bypass execution of different payloads. Attackers can approve benign wrapped system.run commands to broaden trust boundaries and execute...
PT-2026-27244
OpenClaw versions 2026.2.26 before 2026.3.1 contain a current working directory injection vulnerability in Windows wrapper resolution for .cmd/.bat files that allows shell execution fallback. Attackers can manipulate the current working directory to alter wrapper resolution behavior and achieve...
EUVD-2026-14254
OpenClaw's exec allowlist wrapper analysis did not unwrap env/shell dispatch chains...
GHSA-W6F4-3V35-QJHJ Duplicate Advisory: OpenClaw's system.run shell-wrapper positional argv carriers could execute hidden commands under misleading approval text
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-6rcp-vxwf-3mfp. This link is maintained to preserve external references. Original Description OpenClaw versions prior to 2026.2.24 contain a command injection vulnerability in the system.run shell-wrapper that...
Duplicate Advisory: OpenClaw's system.run shell-wrapper positional argv carriers could execute hidden commands under misleading approval text
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-6rcp-vxwf-3mfp. This link is maintained to preserve external references. Original Description OpenClaw versions prior to 2026.2.24 contain a command injection vulnerability in the system.run shell-wrapper that...
CVE-2026-32052
OpenClaw versions prior to 2026.2.24 contain a command injection vulnerability in the system.run shell-wrapper that allows attackers to execute hidden commands by injecting positional argv carriers after inline shell payloads. Attackers can craft misleading approval text while executing arbitrary...
CVE-2026-32052
OpenClaw versions prior to 2026.2.24 contain a command injection vulnerability in the system.run shell-wrapper that allows attackers to execute hidden commands by injecting positional argv carriers after inline shell payloads. Attackers can craft misleading approval text while executing arbitrary...
CVE-2026-32052
OpenClaw versions prior to 2026.2.24 contain a command injection vulnerability in the system.run shell-wrapper that allows attackers to execute hidden commands by injecting positional argv carriers after inline shell payloads. Attackers can craft misleading approval text while executing arbitrary...
CVE-2026-32052
OpenClaw is affected as of versions prior to 2026.2.24, with a command injection in the system.run shell-wrapper. The attack vector involves injecting trailing positional argv carriers after inline shell payloads, enabling execution of hidden commands while a misleading approval text is displayed...