Vulnerability Information
Vulnerability Title
OpenClaw 2026.2.22-2 < 2026.2.23 - Allowlist Bypass via sort Long-Option Abbreviation in tools.exec.safeBins
Vulnerability Description
In OpenClaw version 2026.2.22-2 (prior to 2026.2.23), the tools.exec.safeBins validation for the sort command fails to properly validate GNU long-option abbreviations, allowing attackers to bypass denied-flag checks via abbreviated options. Remote attackers can execute sort commands with abbreviated long options to skip approval requirements in allowlist mode.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
Incorrect Authorization
Vulnerability Title
OpenClaw Security Vulnerability
Vulnerability Description
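OpenClaw is an open-source intelligent personal assistant from openclaw. OpenClaw versions prior to 2026.2.23 contain a security vulnerability caused by flawed validation of the sort command in tools.exec.safeBins, which fails to correctly validate GNU long-option abbreviations, allowing attackers to bypass denied-flag checks via abbreviated options.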
CVSS Information
N/A
Vulnerability Type
N/A
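The abbreviation gap described above, as an added example that is not OpenClaw's code: a JavaScript sketch contrasting an exact-match denied-flag check with one that first resolves GNU-style unique-prefix abbreviations and fails closed on anything it cannot resolve. The function names, the deny list containing only `--output`, and the sample arguments are assumptions; the page does not list which flags are denied.

```javascript
// Added example with hypothetical names; not taken from OpenClaw.
// Long options of GNU sort as listed by `sort --help` (assumed to match the installed version).
const SORT_LONG_OPTIONS = [
  "ignore-leading-blanks", "dictionary-order", "ignore-case", "general-numeric-sort",
  "ignore-nonprinting", "month-sort", "human-numeric-sort", "numeric-sort",
  "random-sort", "random-source", "reverse", "sort", "version-sort", "batch-size",
  "check", "compress-program", "debug", "files0-from", "key", "merge", "output",
  "stable", "buffer-size", "field-separator", "temporary-directory", "parallel",
  "unique", "zero-terminated", "help", "version",
];
// Assumed deny list for illustration only.
const DENIED = new Set(["output"]);

// Weak check: compares the literal option text, so "--outp" is not seen as "--output".
function naiveIsAllowed(argv) {
  return !argv.some((a) => a.startsWith("--") && DENIED.has(a.slice(2).split("=")[0]));
}

// GNU getopt_long rule: an exact name wins, otherwise a prefix must match exactly one option.
function resolveLongOption(name) {
  if (SORT_LONG_OPTIONS.includes(name)) return name;
  const hits = SORT_LONG_OPTIONS.filter((o) => o.startsWith(name));
  return hits.length === 1 ? hits[0] : null; // null: unknown or ambiguous
}

// Hardened check: resolve to the canonical name before consulting the deny list.
// Short options (e.g. -o) are out of scope for this sketch and need their own check.
function strictCheck(argv) {
  for (const arg of argv) {
    if (arg === "--") break;             // everything after "--" is an operand
    if (!arg.startsWith("--")) continue; // operand or short option
    const name = arg.slice(2).split("=")[0];
    const full = resolveLongOption(name);
    if (full === null) {
      return { allowed: false, reason: `unknown or ambiguous option --${name}` };
    }
    if (DENIED.has(full)) {
      return { allowed: false, reason: `--${name} resolves to denied --${full}` };
    }
  }
  return { allowed: true, reason: "ok" };
}

// Constructed sample arguments.
console.log(naiveIsAllowed(["--outp=/tmp/x", "data.txt"])); // weak check lets it through
console.log(strictCheck(["--outp=/tmp/x", "data.txt"]));    // hardened check rejects it
```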