PT-2026-56869 · Aidanpark · Openclaw-Android

Dem00000

·

Publicado

2026-07-09

·

Atualizado

2026-07-09

·

CVE-2026-15193

CVSS v2.0

4.3

Média

VetorAV:L/AC:L/Au:S/C:P/I:P/A:P
A vulnerability was determined in AidanPark openclaw-android up to 0.4.0. The affected element is an unknown function of the file android/app/src/main/java/com/openclaw/android/JsBridge.kt of the component Android WebView Bridge. This manipulation causes os command injection. The attack can only be executed locally. The exploit has been publicly disclosed and may be utilized. The pull request to fix this issue awaits acceptance.

Exploit

Correção

OS Command Injection

Command Injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

Enumeração de Fraquezas

Identificadores relacionados

CVE-2026-15193

Produtos afetados

Openclaw-Android