CVE-2026-26323: OpenClaw has a command injection in maintainer clawtributors updater
Command injection in the maintainer/dev script scripts/update-clawtributors.ts.
References
- github.com/advisories/GHSA-m7x8-2w3w-pr42
- github.com/openclaw/openclaw
- github.com/openclaw/openclaw/commit/a429380e337152746031d290432a4b93aa553d55
- github.com/openclaw/openclaw/releases/tag/v2026.2.14
- github.com/openclaw/openclaw/security/advisories/GHSA-m7x8-2w3w-pr42
- nvd.nist.gov/vuln/detail/CVE-2026-26323