Vulnerability Information
Vulnerability Title
OpenClaw < 2026.2.24 - Binary Hijacking via Static Default Trusted Directories in safeBins
Vulnerability Description
OpenClaw versions prior to 2026.2.24 contain a policy bypass vulnerability in the safeBins allowlist evaluation that trusts static default directories including writable package-manager paths like /opt/homebrew/bin and /usr/local/bin. An attacker with write access to these trusted directories can place a malicious binary with the same name as an allowed executable to achieve arbitrary command execution within the OpenClaw runtime context.
CVSS Information
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H
Vulnerability Type
Untrusted Search Path
Vulnerability Title
OpenClaw Code Issue Vulnerability
Vulnerability Description
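OpenClaw is an open-source intelligent AI assistant from OpenClaw. OpenClaw versions prior to 2026.2.24 contain a code issue vulnerability that stems from a policy bypass in the safeBins allowlist evaluation, which may allow an attacker to place a malicious binary in a trusted directory to achieve arbitrary command execution.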
CVSS Information
N/A
Vulnerability Type
N/A
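
A host-side check for the condition in the description above, added here as an example and not taken from the advisory or from OpenClaw's code: it reports whether the two directories named in the description can be written by non-root accounts, and whether an allowlisted name exists in more than one of them. The allowlist names `jq` and `grep` are constructed placeholders, not OpenClaw's actual safeBins list.

```python
import os
import stat

# Default-trusted directories named in the advisory text.
ADVISORY_DIRS = ("/opt/homebrew/bin", "/usr/local/bin")


def audit_dir(path):
    """Reasons a non-root account could plant a file in `path` (empty list = none found)."""
    try:
        st = os.stat(path)  # follows symlinks: the real target is what matters
    except OSError:
        return []  # not present or not readable on this host; nothing to assess
    reasons = []
    if st.st_uid != 0:
        reasons.append(f"owned by uid {st.st_uid}, not root")
    if st.st_mode & stat.S_IWGRP:
        reasons.append(f"group-writable (gid {st.st_gid})")
    if st.st_mode & stat.S_IWOTH:
        reasons.append("world-writable")
    return reasons


def _is_executable_file(path):
    try:
        st = os.stat(path)
    except OSError:
        return False
    return stat.S_ISREG(st.st_mode) and bool(st.st_mode & 0o111)


def shadowed_names(allowed_names, trusted_dirs):
    """Allowed names that exist in more than one trusted directory, where
    lookup order alone decides which file actually runs."""
    hits = {}
    for name in allowed_names:
        found = [d for d in trusted_dirs if _is_executable_file(os.path.join(d, name))]
        if len(found) > 1:
            hits[name] = found
    return hits


if __name__ == "__main__":
    # "jq" and "grep" are constructed sample names, not OpenClaw's actual allowlist.
    for d in ADVISORY_DIRS:
        for reason in audit_dir(d):
            print(f"[!] {d}: {reason}")
    for name, dirs in shadowed_names(["jq", "grep"], ADVISORY_DIRS).items():
        print(f"[!] {name} found in several trusted dirs: {dirs}")
```

On a default Homebrew install, `/opt/homebrew/bin` is typically owned by the installing user rather than root, so a finding there is expected and is exactly the write access the description refers to.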