Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
OpenClaw < 2026.3.1 - Executable Rebind via Unbound PATH-token in system.run Approvals
Vulnerability Description
OpenClaw versions prior to 2026.3.1 fail to pin executable identity for non-path-like argv[0] tokens in system.run approvals, allowing post-approval executable rebind attacks. Attackers can modify PATH resolution after approval to execute a different binary than the operator approved, enabling arbitrary command execution.
CVSS Information
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N
Vulnerability Type
检查时间与使用时间(TOCTOU)的竞争条件
Vulnerability Title
OpenClaw 安全漏洞
Vulnerability Description
OpenClaw是OpenClaw开源的一个智能人工助理。 OpenClaw 2026.3.1之前版本存在安全漏洞,该漏洞源于未能固定非路径类argv0令牌的可执行身份,可能导致批准后执行重新绑定攻击。
CVSS Information
N/A
Vulnerability Type
N/A