CNNVD-202602-586 Information

CNNVD ID

CNNVD-202602-586

CVE-2026-25157

  • CNNVD Published: 2026-02-04

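Description (translated from Chinese)

OpenClaw is an open-source intelligent AI assistant from openclaw. Versions of OpenClaw before 2026.1.29 contain an operating system command injection vulnerability. The vulnerability stems from an OS command injection flaw in the sshNodeCommand function and may lead to arbitrary command execution.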

Description (English)

OpenClaw is an open-source intelligent assistant from openclaw. Versions before OpenClaw 2026.1.29 have an OS command injection vulnerability that originates in the sshNodeCommand function and could lead to the execution of arbitrary commands.

Hazard Level

High

Vulnerability Type

OS Command Injection

Affected Vendor

openclaw

Published

2026-02-04

Last Modified

2026-02-24

References

https://github.com/openclaw/openclaw/security/advisories/GHSA-q284-4pvr-m585

Patch

https://openclaw.ai/
