TROYANOSYVIRUS
Voltar para CVEs

CVE-2026-31999

MEDIUM
6.3

Descricao

OpenClaw versions 2026.2.26 prior to 2026.3.1 on Windows contain a current working directory injection vulnerability in wrapper resolution for .cmd/.bat files that allows attackers to influence execution behavior through cwd manipulation. Remote attackers can exploit improper shell execution fallback mechanisms to achieve command execution integrity loss by controlling the current working directory during wrapper resolution.

Detalhes CVE

Pontuacao CVSS v3.16.3
SeveridadeMEDIUM
Vetor CVSSCVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H
Vetor de ataqueLOCAL
ComplexidadeHIGH
Privilegios necessariosLOW
Interacao do usuarioNONE
Publicado3/19/2026
Ultima modificacao3/19/2026
Fontenvd
Avistamentos honeypot0

Produtos afetados

openclaw:openclaw

Fraquezas (CWE)

CWE-78

Referencias

https://github.com/openclaw/openclaw/security/advisories/GHSA-6f6j-wx9w-ff4j(disclosure@vulncheck.com)
https://www.vulncheck.com/advisories/openclaw-current-working-directory-injection-via-windows-wrapper-resolution-fallback(disclosure@vulncheck.com)

Correlacoes IOC

Sem correlacoes registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.