CVE-2024-38487

Publié : 16 juin 2026

Modifié : 16 juin 2026

Score CVSS

HIGH

Description détaillée

api-gateway container running with root privilege would allow an attacker to escape the container and access host system to perform unintended actions.

Vecteur d'attaque (CVSS)

Vecteur brut :CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:H

Références et Patchs

https://www.dell.com/support/kbdoc/en-us/000226270/dsa-2024-247-security-update-for-dell-vxrail-7-0-520-multiple-third-party-component-vulnerabilities

Dernières Vulnérabilités

CVE-2026-53866

OpenClaw before 2026.5.12 contains an allowlist bypass vulnerability in shell inline-command parsing that allows authenticated operators to execute unapproved commands. A command request using shell inline-command forms could route through a parser case missing the expected allowlist decision, enabling shell content execution without intended approval prompts.

VOIR DÉTAILS

CVE-2026-53865

OpenClaw before 2026.5.2 contains a path traversal vulnerability in maintenance task execution that allows workspace-derived service paths to influence trash command selection. Attackers can execute unintended local executables from operator-unintended paths during maintenance operations by manipulating workspace-derived environment paths.

VOIR DÉTAILS

CVE-2026-53864

OpenClaw before 2026.5.26 contains an insufficient sanitization vulnerability in the host environment sanitizer that allows Node.js control variables to bypass validation. Attackers with access to workspace .env files, tool environment overrides, or skill environment blocks can pass malicious Node.js control variables to influence child processes or coverage output paths.

VOIR DÉTAILS