The China Academy of Information and Communications Technology collaborates with universities to discover and fix the high-risk command injection vulnerability in OpenClaw
By: rootdata|2026/03/16 19:49:53
0
Share
The China Academy of Information and Communications Technology, in collaboration with Shanghai Jiao Tong University and Nanjing University, discovered a high-risk vulnerability driven by LLM command injection in the bash-tools module of the open-source autonomous intelligent agent framework OpenClaw during a security audit.
This vulnerability arises from the system's failure to strictly escape command line parameters generated by LLM, allowing attackers to bypass regex defenses through inducive prompts, achieving remote code execution on the host machine and stealing sensitive data.
The research team has completed attack verification in various mainstream model environments, initiated a responsible vulnerability disclosure process, and submitted repair suggestions to the NVDB Artificial Intelligence Product Security Vulnerability Professional Database (CAIVD) and the GitHub community.
You may also like
How Traders Keep Profits When PEPE WLD and FET Start Moving Fast Again
PEPE, WLD and FET are moving fast again as crypto volatility returns in 2026. Here’s how active traders are adapting to fast altcoin markets, reducing trading friction, and keeping more profits during high-frequency trading.
Behind NEAR's Doubling: 3 Major Trends Becoming the Engine of Coin Prices
AI + Privacy + Buyback.
Visa and Stripe are both working on stablecoins, but their focus is not on payments
Why do businesses still need stablecoins? What problems do stablecoins actually solve?
It's easy to conquer a city, but difficult to govern it: Polymarket wants to establish a presence globally but still has to bow down everywhere
How can a system born from decentralization and without permission embed regulatory frameworks based on sovereignty, licensing, and consumer protection?
Ten Thousand Characters Breakdown of On-Chain Vaults: Eight Major Tracks, Who is Rising and Who is Declining?
On one side is the collective withdrawal of lending and collateral-type vaults, while on the other side is the counter-trend growth of RWA and curation vaults. On-chain vaults are no longer a single market, but rather eight increasingly differentiated tracks. This ten-thousand-word research report t...
Insiders betting on Musk are reaping "historic returns."
SpaceX submitted its S-1 prospectus for the largest IPO in history, disclosing details of Class A shareholdings, significant losses in the AI sector, and multiple related party transactions, with an expected listing in mid-June.
Morning Report | Binance launches DYOR research tool; YZi Labs launches recruitment platform YZi Talent; Vitalik states that the Ethereum Foundation will "downsize" and reduce the amount of ETH sold
Overview of Important Market Events on May 25
Morning News | Michael Saylor stated that this week he bought bonds instead of Bitcoin; StablR was attacked and lost about 2.8 million dollars; the U.S. Congress is pushing the Bitcoin Reserve Act again
Overview of Important Market Events on May 24
SuperEx's Mars exploration dream: Digital currency is the key to unlocking economic exchanges in the interstellar era
SuperEx has always called for exchanges to focus not on internal strife and competition, but on jointly promoting the development of digital currencies, becoming a driving force for the future interstellar era.
Key Takeaways: Full Text of Google Chief Scientist Shanahan's Speech
Google DeepMind Chief Scientist Shanahan's London Speech: Deconstructing the mental attributes of large language models (LLM) using the framework of Wittgenstein, analyzing the trend of "alien self-identity" under the context of all-weather agents.
Agentic Design Patterns: A book that made me rethink "What exactly is an Agent?"
Google Engineering Director's new book deeply analyzes: 21 design patterns of AI Agents. This article reveals the core progression from "bare LLM" to advanced intelligent agents, detailing Context Engineering, the dual Agent reflection mechanism (Producer-Critic), and the three-layer memory model, w...
The richest chairman of the Federal Reserve in 112 years has arrived: Kevin Warsh is rewriting the rules
The "richest" new chairman of the Federal Reserve, Kevin Warsh, has officially taken office. His alternative proposal of "balance sheet reduction + interest rate cuts" aims not only to reshape the decision-making mechanism but also to profoundly disrupt the U.S. Treasury, the dollar, and the global ...
Vitalik talks about the future of the Ethereum Foundation: a smaller, more distinctive, yet more enduring ship
Vitalik elaborated on his personal views regarding the transformation direction of the Ethereum Foundation: EF is not "the center of Ethereum," but one of many nodes. With limited resources, EF chooses long-termism over spreading itself thin, focusing on key tasks that "would not happen without EF"—...
New Types of Information Laundering in Prediction Markets: How Secrets Integrate into Investment Signals
The harsh reality is that information laundering is not a man-made loophole in the prediction market, but rather a side effect of its core operating mechanism.
Vitalik emphasized in a post that Ethereum must be "amazing," but the foundation is not the center
In response to the recent repeated doubts from the community regarding the Ethereum Foundation, Vitalik addressed the community's concerns today in a long article with an honest and firm attitude, systematically elaborating on his deep thoughts about the role, strategic direction, and value position...
DeFi has reached its most dangerous moment: the real vulnerabilities are not in the code
April 2026 is not just a security crisis; it is the moment when the industry's mental model completely collapses, and it is also the moment when the protocols that can survive are distinguished from those that cannot.
WEEX Bitcoin Pizza Day: Zero Fees, BTC Cashback & 150,000 USDT to Honor Crypto History
Join WEEX’s Pizza Day celebration! From zero fees to BTC cashback, honor the first ever real-world bitcoin transaction. 150,000 USDT prize pool, that's the way WEEX rewards its users and honors crypto history.
a16z: 7 Images to Understand How Tokenization Changes the Nature of Assets
It's far more than just moving traditional assets onto the blockchain.
How Traders Keep Profits When PEPE WLD and FET Start Moving Fast Again
PEPE, WLD and FET are moving fast again as crypto volatility returns in 2026. Here’s how active traders are adapting to fast altcoin markets, reducing trading friction, and keeping more profits during high-frequency trading.
Behind NEAR's Doubling: 3 Major Trends Becoming the Engine of Coin Prices
AI + Privacy + Buyback.
Visa and Stripe are both working on stablecoins, but their focus is not on payments
Why do businesses still need stablecoins? What problems do stablecoins actually solve?
It's easy to conquer a city, but difficult to govern it: Polymarket wants to establish a presence globally but still has to bow down everywhere
How can a system born from decentralization and without permission embed regulatory frameworks based on sovereignty, licensing, and consumer protection?
Ten Thousand Characters Breakdown of On-Chain Vaults: Eight Major Tracks, Who is Rising and Who is Declining?
On one side is the collective withdrawal of lending and collateral-type vaults, while on the other side is the counter-trend growth of RWA and curation vaults. On-chain vaults are no longer a single market, but rather eight increasingly differentiated tracks. This ten-thousand-word research report t...
Insiders betting on Musk are reaping "historic returns."
SpaceX submitted its S-1 prospectus for the largest IPO in history, disclosing details of Class A shareholdings, significant losses in the AI sector, and multiple related party transactions, with an expected listing in mid-June.
Customer Support:@weikecs
Business Cooperation:@weikecs
Quant Trading & MM:bd@weex.com
VIP Program:support@weex.com
