PANews|Mar 16, 2026 11:02
[China Academy of Information and Communications Technology Collaborates with Universities to Discover and Fix OpenClaw High-Risk Command Injection Vulnerability]
According to a report by the China Academy of Information and Communications Technology (CAICT), a joint team from CAICT, Shanghai Jiao Tong University, and Nanjing University discovered a high-risk LLM-driven command injection vulnerability in the bash-tools module of the open-source autonomous intelligent framework OpenClaw during a security audit. The vulnerability stems from the system's failure to strictly escape command-line parameters generated by LLMs, allowing attackers to bypass regular expression defenses through manipulative prompts, achieve remote code execution on the host machine, and steal sensitive data. The research team has completed attack validation across various mainstream model environments, initiated a responsible vulnerability disclosure process, and submitted remediation recommendations to the NVDB Artificial Intelligence Product Security Vulnerability Database (CAIVD) and the GitHub community.
Share To
Timeline
HotFlash
APP
X
Telegram
CopyLink