EUVD-2026-31886
GHSA-h75h-m8wx-2x9c
Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
3DescriptionCVE.org
A vulnerability was determined in haojing8312 WorkClaw up to 0.6.4. This affects the function is_dangerous of the file apps/runtime/src-tauri/src/agent/tools/bash.rs of the component Blacklist Handler. Executing a manipulation can lead to os command injection. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized. The project was informed of the problem early through an issue report but has not responded yet.
AnalysisAI
OS command injection in haojing8312 WorkClaw up to version 0.6.4 allows a low-privileged remote attacker to bypass the application's blacklist-based command filter and execute arbitrary operating system commands. The flaw resides in the is_dangerous function within the Rust/Tauri agent's bash tool (apps/runtime/src-tauri/src/agent/tools/bash.rs), where an incomplete blacklist fails to block crafted payloads. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | The WorkClaw bash agent feature must be active and accessible - this is the component containing the vulnerable `is_dangerous` blacklist function in `apps/runtime/src-tauri/src/agent/tools/bash.rs`. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | Despite the CWE-78 classification (OS command injection) which typically warrants high severity, the CVSS 4.0 base score is only 2.1, driven by low CIA impact ratings (VC:L/VI:L/VA:L) and no subsequent component impact (SC:N/SI:N/SA:N). … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker with a low-privileged account on a WorkClaw instance submits a crafted bash command string to the agent's command execution interface, bypassing the `is_dangerous` blacklist check through shell metacharacter injection or command chaining techniques documented in the publicly available proof-of-concept at https://github.com/haojing8312/WorkClaw/issues/4. The injected command executes on the host OS under the WorkClaw process context, enabling file access, lateral movement, or further exploitation depending on the process's OS-level privileges. … |
| Remediation | No vendor-released patch identified at time of analysis - the project maintainer (haojing8312) was notified via issue report but has not responded. … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
Share
External POC / Exploit Code
Leaving vuln.today