{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-07T15:06:37.879","vulnerabilities":[{"cve":{"id":"CVE-2026-27001","sourceIdentifier":"security-advisories@github.com","published":"2026-02-20T00:16:16.653","lastModified":"2026-02-20T18:13:49.913","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"OpenClaw is a personal AI assistant. Prior to version 2026.2.15, OpenClaw embedded the current working directory (workspace path) into the agent system prompt without sanitization. If an attacker can cause OpenClaw to run inside a directory whose name contains control/format characters (for example newlines or Unicode bidi/zero-width markers), those characters could break the prompt structure and inject attacker-controlled instructions. Starting in version 2026.2.15, the workspace path is sanitized before it is embedded into any LLM prompt output, stripping Unicode control/format characters and explicit line/paragraph separators. Workspace path resolution also applies the same sanitization as defense-in-depth."},{"lang":"es","value":"OpenClaw es un asistente personal de IA. Antes de la versión 2026.2.15, OpenClaw incrustaba el directorio de trabajo actual (ruta del espacio de trabajo) en el prompt del sistema del agente sin saneamiento. Si un atacante puede hacer que OpenClaw se ejecute dentro de un directorio cuyo nombre contiene caracteres de control/formato (por ejemplo, saltos de línea o marcadores Unicode bidireccionales/de ancho cero), esos caracteres podrían romper la estructura del prompt e inyectar instrucciones controladas por el atacante. A partir de la versión 2026.2.15, la ruta del espacio de trabajo se sanea antes de incrustarse en cualquier salida de prompt de LLM, eliminando caracteres de control/formato Unicode y separadores explícitos de línea/párrafo. La resolución de la ruta del espacio de trabajo también aplica el mismo saneamiento como defensa en profundidad."}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.6,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-77"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*","versionEndExcluding":"2026.2.15","matchCriteriaId":"3CD9AC99-DDDF-4177-9253-04A63CA027DC"}]}]}],"references":[{"url":"https://github.com/openclaw/openclaw/commit/6254e96acf16e70ceccc8f9b2abecee44d606f79","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/openclaw/openclaw/releases/tag/v2026.2.15","source":"security-advisories@github.com","tags":["Product","Release Notes"]},{"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-2qj5-gwg2-xwc4","source":"security-advisories@github.com","tags":["Vendor Advisory","Patch"]}]}}]}