Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
OpenClaw < 2026.3.28 - Arbitrary Execution Allowlist via Wrapper Carrier Executables
Vulnerability Description
OpenClaw before 2026.3.28 contains an execution approval vulnerability in exec-approvals-allowlist.ts that allows allow-always persistence to trust wrapper carrier executables instead of invoked targets. Attackers can exploit positional carrier executable routing through dispatch wrappers to establish broader allowlist entries than intended, weakening execution approval boundaries.
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Vulnerability Type
在安全决策中依赖未经信任的输入
Vulnerability Title
OpenClaw 安全漏洞
Vulnerability Description
OpenClaw是OpenClaw开源的一个智能人工助理。 OpenClaw 2026.3.28之前版本存在安全漏洞,该漏洞源于exec-approvals-allowlist.ts中的执行批准漏洞,允许always-always持久化信任包装器载体可执行文件而不是被调用的目标。攻击者可以利用通过分发包装器的位置载体可执行文件路由来建立比预期更广泛的允许列表条目,削弱执行批准边界。
CVSS Information
N/A
Vulnerability Type
N/A