
12 matches found

RedhatCVE
added 2026/03/26 3:2 p.m. | 6 views

CVE-2026-32003

OpenClaw versions prior to 2026.2.22 contain an environment variable injection vulnerability in the system.run function that allows attackers to bypass command allowlist restrictions via SHELLOPTS and PS4 environment variables. An attacker who can invoke system.run with request-scoped environment...

CVSS 7.5 | AI score 6.1 | EPSS 0.0053
Exploits: 0 | References: 1

CNVD
added 2026/03/24 12:0 a.m. | 3 views

OpenClaw OS Command Injection Vulnerability

OpenClaw is an automation tool for executing system commands. A security vulnerability exists in the system.run function in versions of OpenClaw prior to 2026.2.22, which stems from not effectively filtering environment variables such as SHELLOPTS and PS4. An attacker can exploit this vulnerabili...

CVSS 7.5 | AI score 6.1 | EPSS 0.0053
Exploits: 0 | References: 1

OSV
added 2026/03/19 10:16 p.m. | 5 views

CVE-2026-32003

OpenClaw versions prior to 2026.2.22 contain an environment variable injection vulnerability in the system.run function that allows attackers to bypass command allowlist restrictions via SHELLOPTS and PS4 environment variables. An attacker who can invoke system.run with request-scoped environment...

CVSS 6.6 | AI score 6.1
Exploits: 0 | References: 3

NVD
added 2026/03/19 10:16 p.m. | 7 views

CVE-2026-32003

OpenClaw versions prior to 2026.2.22 contain an environment variable injection vulnerability in the system.run function that allows attackers to bypass command allowlist restrictions via SHELLOPTS and PS4 environment variables. An attacker who can invoke system.run with request-scoped environment...

CVSS 7.5 | EPSS 0.0053
Exploits: 0 | References: 3

ATTACKERKB
added 2026/03/19 10:6 p.m. | 3 views

CVE-2026-32003

OpenClaw versions prior to 2026.2.22 contain an environment variable injection vulnerability in the system.run function that allows attackers to bypass command allowlist restrictions via SHELLOPTS and PS4 environment variables. An attacker who can invoke system.run with request-scoped environment...

CVSS 7.5 | AI score 6.1 | EPSS 0.0053
Exploits: 0 | References: 4

Vulnrichment
added 2026/03/19 10:6 p.m. | 2 views

CVE-2026-32003 OpenClaw < 2026.2.22 - Remote Code Execution via SHELLOPTS/PS4 Environment Injection in system.run

OpenClaw versions prior to 2026.2.22 contain an environment variable injection vulnerability in the system.run function that allows attackers to bypass command allowlist restrictions via SHELLOPTS and PS4 environment variables. An attacker who can invoke system.run with request-scoped environment...

CVSS 7.5 | AI score 6.1 | EPSS 0.0053
Exploits: 0 | References: 3

EUVD
added 2026/03/19 10:6 p.m. | 7 views

EUVD-2026-13257

OpenClaw versions prior to 2026.2.22 contain an environment variable injection vulnerability in the system.run function that allows attackers to bypass command allowlist restrictions via SHELLOPTS and PS4 environment variables. An attacker who can invoke system.run with request-scoped environment...

CVSS 7.5 | AI score 6.1 | EPSS 0.0053
Exploits: 0 | References: 3

CNNVD
added 2026/03/19 12:0 a.m. | 9 views

OpenClaw OS Command Injection Vulnerability

OpenClaw is an automation tool for executing system commands. A security vulnerability exists in the system.run function in versions of OpenClaw prior to 2026.2.22, which stems from not effectively filtering environment variables such as SHELLOPTS and PS4. An attacker can exploit this vulnerabili...

CVSS 7.5 | AI score 6 | EPSS 0.0053
Exploits: 0 | References: 3

OSV
added 2026/03/03 12:40 a.m. | 5 views

GHSA-2FGQ-7J6H-9RM4 OpenClaw has system.run shell-wrapper env injection via SHELLOPTS/PS4 can bypass allowlist intent (RCE)

Summary system.run allowed SHELLOPTS + PS4 environment injection to trigger command substitution during bash -lc xtrace expansion before the allowlisted command body executed. Affected Packages / Versions - Package: openclaw npm - Affected: = 2026.2.21-2 includes latest published npm version at...

CVSS 7.5 | AI score 5.8 | EPSS 0.0053
Exploits: 0 | References: 5

Github Security Blog
added 2026/03/03 12:40 a.m. | 10 views

OpenClaw has system.run shell-wrapper env injection via SHELLOPTS/PS4 can bypass allowlist intent (RCE)

Summary system.run allowed SHELLOPTS + PS4 environment injection to trigger command substitution during bash -lc xtrace expansion before the allowlisted command body executed. Affected Packages / Versions - Package: openclaw npm - Affected: = 2026.2.21-2 includes latest published npm version at...

CVSS 7.5 | AI score 5.8 | EPSS 0.0053
Exploits: 0 | References: 5 | Affected Software: 1

Tenable Nessus
added 2006/05/13 12:0 a.m. | 51 views

FreeBSD : sudo -- arbitrary command execution (1b725079-9ef6-11da-b410-000e0c2e438a)

Tavis Ormandy reports : The bash shell uses the value of the PS4 environment variable after expansion as a prefix for commands run in execution trace mode. Execution trace mode xtrace is normally set via bash's -x command line option or interactively by running 'set -o xtrace'. However, it may al...

CVSS 4.6 | AI score 5.8 | EPSS 0.00624
Exploits: 2 | References: 3

exploitpack
added 2005/11/09 12:0 a.m. | 14 views

Sudo 1.6.8p9 - SHELLOPTS/PS4 Environment Variables Privilege Escalation

Sudo 1.6.8p9 - SHELLOPTSPS4 Environment Variables Privilege Escalation Sudo local root escalation privilege vuln versions : sudo int main setuid0; system"/bin/sh"; % % gcc -o egg egg.c % setenv SHELLOPTS xtrace % setenv PS4 '$chown root:root egg' % sudo ./x.sh echo Getting root!! Getting root!! %...

AI score 1.4
Exploits: 0