CVE-2026-9565
Command Injection in WorkClaw Application
Publication date: 2026-05-26
Last updated on: 2026-05-26
Assigner: VulDB
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| haojing8312 | workclaw | to 0.6.4 (inc) |
| haojing8312 | workclaw | From 0.1.0 (inc) to 0.6.3 (inc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-77 | The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component. |
| CWE-78 | The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component. |
AI Powered Q&A
Can you explain this vulnerability to me?
The vulnerability in CVE-2026-9565 is due to a flawed command filtering mechanism in the WorkClaw software, specifically in the `is_dangerous` function within the `bash.rs` file. This function uses an inadequate blacklist-based approach to detect dangerous commands, which fails because of critical design flaws:
- Incomplete pattern coverage leading to bypasses (CWE-184).
- Reliance on naive substring matching instead of proper command validation (CWE-183).
- Lack of support for multi-spaces, tabs, absolute paths, shell syntax parsing, and effective case conversion.
As a result, multiple malicious command variants can bypass detection, including those with extra spaces, absolute paths, line breaks, quoted parameters, and commands not included in the limited blacklist. This allows an attacker to execute OS command injection remotely.
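Why substring blacklisting fails where allowlist validation holds, as an added example (this is not WorkClaw's code; the function names, blacklist entries, allowlist and sample commands are all constructed here for illustration):

```rust
// Added illustration, not WorkClaw's code. The blacklist entries, the
// allowlist and every sample command are constructed for this example.
use std::process::Command;

/// Naive filter of the kind described above: lower-case, then substring match.
fn naive_is_dangerous(cmd: &str) -> bool {
    const BLACKLIST: [&str; 3] = ["rm -rf", "mkfs", "shutdown"];
    let lower = cmd.to_lowercase();
    BLACKLIST.iter().any(|p| lower.contains(p))
}

/// Allowlist check: reject shell metacharacters and line breaks, split into
/// argv without a shell, and accept only known bare program names.
fn allowlisted_argv(cmd: &str) -> Option<Vec<String>> {
    const ALLOWED: [&str; 3] = ["ls", "cat", "git"];
    const META: &str = ";|&$`<>(){}\\\"'\n\r*?~!#";
    if cmd.chars().any(|c| META.contains(c)) {
        return None;
    }
    let argv: Vec<String> = cmd.split_whitespace().map(str::to_string).collect();
    let program = argv.first()?;
    // An absolute or relative path is not an allowlisted name.
    if program.contains('/') || !ALLOWED.contains(&program.as_str()) {
        return None;
    }
    Some(argv)
}

/// Build the process directly from argv; no `sh -c`, so nothing is re-parsed.
fn to_command(argv: &[String]) -> Command {
    let mut c = Command::new(&argv[0]);
    c.args(&argv[1..]);
    c
}

fn main() {
    let samples = ["rm -rf ./scratch", "rm  -rf ./scratch", "rm\t-rf ./scratch",
                   "/bin/rm -r -f ./scratch", "ls -la"];
    for s in samples {
        let argv = allowlisted_argv(s);
        println!("{:?}: blacklist_flags={} allowlist_accepts={}",
                 s, naive_is_dangerous(s), argv.is_some());
        if let Some(a) = argv {
            println!("  would run {:?}", to_command(&a));
        }
    }
}
```

Allowlisting the program name is only the first gate: options of an allowed program can still be risky, so arguments need their own per-program validation.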
How can this vulnerability impact me?
This vulnerability can allow an attacker to remotely execute arbitrary operating system commands on the affected system running WorkClaw. Because the blacklist filtering is ineffective, malicious commands can bypass detection and be executed.
Potential impacts include unauthorized access, manipulation or destruction of data, execution of malicious code, and compromise of the local environment where WorkClaw operates.
Given WorkClaw's role in managing AI employee teams and storing sensitive data locally, exploitation could lead to exposure or corruption of sensitive information.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
The vulnerability in WorkClaw involves a flawed blacklist-based command filtering mechanism in the is_dangerous function, which fails to detect malicious commands due to incomplete pattern coverage and naive substring matching.
Detection on your system would involve monitoring for suspicious command executions that bypass the blacklist, especially those using variants with extra spaces, absolute paths, line breaks, quoted parameters, or commands not included in the limited blacklist.
Since the vulnerability is related to OS command injection, you can look for unusual or unexpected shell commands executed by the WorkClaw process.
- Use process monitoring tools (e.g., `ps`, `top`, or `htop`) to identify WorkClaw processes and inspect their command lines.
- Use system audit tools like `auditd` or `sysmon` to log command executions related to WorkClaw.
- Run commands to check for suspicious processes or commands, for example: `ps aux | grep workclaw` or `pgrep -a workclaw`.
- Monitor network traffic for unusual outbound connections initiated by WorkClaw that could indicate exploitation.
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include updating WorkClaw to the latest patched version once available, as the vulnerability affects versions up to 0.6.4.
Review and tighten permission settings within WorkClaw to limit the ability to execute potentially dangerous commands.
Ensure secure configuration of the application, including restricting access to the runtime environment and avoiding running WorkClaw with elevated privileges.
Monitor for suspicious activity and consider disabling or restricting features that allow command execution until a fix is applied.
Follow official guidance and security disclosures from the WorkClaw project, including reviewing their SECURITY.md file for updates and recommended practices.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The CVE-2026-9565 vulnerability in WorkClaw involves a flawed command filtering mechanism that can lead to OS command injection, potentially allowing unauthorized access or malicious actions.
Given that WorkClaw stores sensitive data locally, including conversations and employee memories, exploitation of this vulnerability could result in unauthorized data access or manipulation.
Such unauthorized access or data compromise could negatively impact compliance with data protection regulations like GDPR and HIPAA, which require safeguarding personal and sensitive information against unauthorized access and breaches.
Therefore, this vulnerability poses a risk to maintaining compliance with these standards by potentially exposing protected data through insufficient security controls.