Threats Tagged 'ghsa-j472-gf56-x589'
View all threats tagged with 'ghsa-j472-gf56-x589'. Filter and sort to focus on specific types of threats.
GHSA-j472-gf56-x589: OpenClaw: PowerShell encoded-command aliases could miss exec allowlist checks

OpenClaw versions prior to 2026.5.12 have a vulnerability where PowerShell encoded-command aliases may bypass execution allowlist checks. This occurs because abbreviated encoded-command flags can use alias forms not recognized by the allowlist parser. The vulnerability affects configurations where this feature is enabled and reachable, potentially allowing execution of encoded PowerShell content without proper allowlist validation. The issue does not alter OpenClaw's trusted-operator model and depends on operator configuration and input trust levels.

A fix is available in version 2026.5.12. Until patched, it is recommended to avoid allowlisting PowerShell wrapper forms and require approval for encoded commands. Additional hardening includes narrowing allowlists, isolating Gateway users, and disabling the affected feature if not needed.

GCVE Database | 07/02/2026, 17:22:52 UTC | Added: 07/02/2026, 22:57:09 UTC