CVE-2026-9565

haojing8312 WorkClaw Blacklist bash.rs is_dangerous os command injection

CVSS 5.3 MEDIUMEPSS 1.1%CWE-77 CWE-78

A vulnerability was determined in haojing8312 WorkClaw up to 0.6.4. This affects the function is_dangerous of the file apps/runtime/src-tauri/src/agent/tools/bash.rs of the component Blacklist Handler. Executing a manipulation can lead to os command injection. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized. The project was informed of the problem early through an issue report but has not responded yet.

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

Productos afectados

haojing8312 · WorkClaw

PoCs públicas encontradas — 1

cve_referencegithub.com/haojing8312/WorkClaw/issues/4no verificado

⚠ Recursos públicos, para evaluar la exposición de sistemas que controlas o estás autorizado a probar. Prueba solo con autorización.

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://github.com/haojing8312/WorkClaw/https://github.com/haojing8312/WorkClaw/issues/4 https://vuldb.com/submit/815713 https://vuldb.com/vuln/365627 https://vuldb.com/vuln/365627/cti