The product implements a protection mechanism that relies on a list of inputs (or properties of inputs) that are not allowed by policy or otherwise require other action to neutralize before additional processing takes place, but the list is incomplete.
102 vulnerabilities with CWE-184
CVE ID          | Severity | CVSS | Title
CVE-2026-42427  | MEDIUM   | 5.3  | OpenClaw < 2026.4.8 - Remote Code Execution via Build Tool Environment Variable Injection
CVE-2026-41915  | MEDIUM   | 5.3  | OpenClaw < 2026.4.8 - Git Environment Variable Injection via Unfiltered Exec Environment
CVE-2026-41392  | MEDIUM   | 6.7  | OpenClaw < 2026.3.31 - Exec Allowlist Bypass via Shell Init-File Options
CVE-2026-41391  | MEDIUM   | 5.3  | OpenClaw < 2026.3.31 - Environment Variable Bypass in Package Index URL Handling
CVE-2026-31952  | HIGH     | 7.6  | Xibo CMS API has SQL Injection via DataSet Filter Parameter
CVE-2026-41361  | HIGH     | 7.1  | OpenClaw < 2026.3.28 - SSRF Guard Bypass via IPv6 Special-Use Ranges
CVE-2026-41332  | MEDIUM   | 5.3  | OpenClaw < 2026.3.28 - Code Execution via Missing Environment Variable Blocklist
CVE-2026-41264  | CRITICAL |      | Flowise: CSV Agent Prompt Injection Remote Code Execution Vulnerability
CVE-2026-41206  | HIGH     | 7.8  | PySpector has a Plugin Code Execution Bypass via Incomplete Static Analysis in PluginSecurity.validate_plugin_code
CVE-2026-34415  | CRITICAL | 9.8  | Xerte Online Toolkits File Upload RCE via elfinder Connector
CVE-2026-26274  | MEDIUM   | 6.6  | October: Safe Mode Bypass via Twig Database Write Operations
CVE-2026-26067  | MEDIUM   | 4.9  | October: Safe Mode Bypass via CSS Preprocessor Compilers
CVE-2026-25525  | MEDIUM   | 4.9  | OpenMage LTS has Path Traversal Filter Bypass in Dataflow Module
CVE-2026-40077  | LOW      | 3.5  | Beszel has an IDOR in hub API endpoints that read system ID from URL parameter
CVE-2026-39315  | MEDIUM   | 6.1  | Unhead has a hasDangerousProtocol() bypass via leading-zero padded HTML entities in useHeadSafe()
CVE-2026-34177  | CRITICAL | 9.1  | VM lowlevel restriction bypass via raw.apparmor and raw.qemu.conf
CVE-2026-35410  | MEDIUM   | 6.1  | Directus has an Open Redirect via Parser Bypass in OAuth2/SAML Authentication Flow
CVE-2026-34426  | HIGH     | 7.6  | OpenClaw - Approval Bypass via Environment Variable Normalization
CVE-2026-34425  | MEDIUM   | 5.4  | OpenClaw - Shell-Bleed Protection Preflight Validation Bypass
CVE-2026-35000  | MEDIUM   | 6.5  | ChangeDetection.io < 0.54.7 SafeXPath3Parser Bypass Arbitrary File Read
CVE-2026-34430  | HIGH     | 8.8  | ByteDance DeerFlow LocalSandboxProvider Host Bash Escape
CVE-2026-33628  | MEDIUM   | 5.4  | Invoice Ninja Denylist Bypass may Lead to Stored XSS via Invoice Line Items
CVE-2026-33396  | CRITICAL | 9.9  | OneUptime has sandbox escape in Synthetic Monitor Playwright runtime allows project members to execute arbitrary commands on Probe
CVE-2026-4509   | MEDIUM   | 6.3  | PbootCMS File Upload file.php incomplete blacklist
CVE-2026-33139  | HIGH     | 7.8  | PySpector: Plugin Sandbox Bypass leads to Arbitrary Code Execution