Express
China Information and Communication Research Institute, in collaboration with universities, discovers and fixes high-risk command injection vulnerability in OpenClaw
According to reports, a joint team from China Information and Communication Research Institute, Shanghai Jiao Tong University, and Nanjing University discovered a high-risk command injection vulnerability in the bash-tools module of the open-source autonomous agent framework OpenClaw during a security audit. The vulnerability stems from the system not strictly escaping command line parameters generated by the LLM, allowing attackers to bypass conventional defenses through misleading prompts, achieve remote code execution on the host machine, and steal sensitive data. The research team verified the attack in several mainstream model environments, initiated responsible vulnerability disclosure procedures, and submitted fix recommendations to the NVDB Artificial Intelligence Product Security Vulnerability Database (CAIVD) and the GitHub community.
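The defect described above, model-generated parameters spliced unescaped into a shell command line, shown beside its hardened form. This is an added illustrative example in Python, not OpenClaw's code: the tool name, the constructed model output and the helper names are assumptions.

```python
import shlex
from typing import List

# Constructed sample: the model was asked for one filename to list, but a
# misleading prompt made it emit shell metacharacters as part of the value.
LLM_SUPPLIED_ARG = "report.txt; echo INJECTED"

SHELL_OPERATORS = {";", "&&", "||", "|", "&"}


def unsafe_command(tool: str, llm_arg: str) -> str:
    """Vulnerable pattern: splice the model's output straight into a shell string.
    Under `sh -c`, everything after ';' in llm_arg runs as a second command."""
    return f"{tool} -l {llm_arg}"


def safe_command(tool: str, llm_arg: str) -> str:
    """Hardened pattern: build an argv list and let shlex.join quote each token,
    so the model's output can only ever be a single argument of `tool`."""
    return shlex.join([tool, "-l", llm_arg])


def shell_words(command: str) -> List[str]:
    """Tokenise roughly as a POSIX shell would: operators such as ';' become
    separate tokens, quoted text stays together as one token."""
    lexer = shlex.shlex(command, posix=True, punctuation_chars=True)
    return list(lexer)


def injects_extra_command(command: str) -> bool:
    """Detection check for an agent's pre-execution gate: True when the command
    line contains an unquoted shell operator, i.e. more than one command would run."""
    return any(word in SHELL_OPERATORS for word in shell_words(command))


if __name__ == "__main__":
    for build in (unsafe_command, safe_command):
        cmd = build("ls", LLM_SUPPLIED_ARG)
        print(f"{build.__name__}: {cmd!r} -> extra command: {injects_extra_command(cmd)}")
```

In practice the argv list from `safe_command` should be passed to `subprocess.run` with `shell=False`; the quoted string is shown only so the two forms can be compared token by token.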