CNNVD-202602-046 Information
CNNVD ID
CNNVD-202602-046
Related CVE
-
CNNVD Published: 2026-02-02
Description
OpenClaw is an open-source AI personal assistant from openclaw. Versions of OpenClaw before 2026.1.29 contain an operating system command injection vulnerability. The flaw stems from unsafe handling of the PATH environment variable when shell commands are constructed in the Docker sandbox execution mechanism, and may lead to command injection.
Hazard Level
High
Vulnerability Type
OS Command Injection
Affected Vendor
openclaw
Published
2026-02-02
Last Modified
2026-02-24
References
https://github.com/openclaw/openclaw/commit/771f23d36b95ec2204cc9a0054045f5d8439ea75
https://github.com/openclaw/openclaw/releases/tag/v2026.1.29
https://github.com/openclaw/openclaw/security/advisories/GHSA-mc68-q9jw-2h3v
Patch
https://github.com/openclaw/openclaw/releases