- Buy Crypto
- Markets
Futures- Spot
- Copy Trade
- Earn
- More
The China Academy of Information and Communications Technology collaborates with universities to discover and fix the high-risk command injection vulnerability in OpenClaw
The China Academy of Information and Communications Technology, in collaboration with Shanghai Jiao Tong University and Nanjing University, discovered a high-risk vulnerability driven by LLM command injection in the bash-tools module of the open-source autonomous intelligent agent framework OpenClaw during a security audit.
This vulnerability arises from the system's failure to strictly escape command line parameters generated by LLM, allowing attackers to bypass regex defenses through inducive prompts, achieving remote code execution on the host machine and stealing sensitive data.
The research team has completed attack verification in various mainstream model environments, initiated a responsible vulnerability disclosure process, and submitted repair suggestions to the NVDB Artificial Intelligence Product Security Vulnerability Professional Database (CAIVD) and the GitHub community.
You may also like
Who is the true winner of the "Tokenization" narrative?
Moss: The Era of AI-Traded by Anyone | Project Introduction
Chip Smuggling Case Exposes Regulatory Loophole | Rewire News Evening Update
How a Structured AI Crypto Trading Bot Won at the WEEX Hackathon
Ritmex demonstrates how disciplined risk control and structured signals can make an AI crypto trading bot more stable and reliable on WEEX, highlighting the importance of combining execution discipline with scalable AI trading systems.
Old Indicator Fails, Three Major New Signals Emerge: BTC True Bottom May Still Be Below $60K
Meeting OpenClaw Founder at a Hackathon: What Else Can Lobsters Do?
Huang Renxun's Latest Podcast Transcript: NVIDIA's Future, Embodied Intelligence and Agent Development, Soaring Demand for Inferencing, and AI's PR Crisis
How a Structured AI Crypto Trading Bot Won at the WEEX Hackathon
Crypto_Trade shows how structured inputs and controlled adaptability can build a more stable and reliable AI crypto trading bot within the WEEX AI Trading Hackathon, highlighting a practical path toward scalable AI trading systems.
AI Starts to Devour the Manufacturing Industry | Rewire News Morning Edition
When Scaling Meets Speed, Ethereum Foundation Introduces "Hardness" to Safeguard the Base Layer
Google, Circle, Stripe Flock Together to Let AI Spend Money: Payment Giants' Joys and Worries in 2026 Q1
$100 Billion Factory Purchase: Bezos and Middle Eastern Capital Shift AI Money from Cloud to Shop Floor
Xiaomi and MiniMax both unleash their ultimate moves, signaling the start of the Agent Pricing War.
Predicting markets has taken the spotlight, but the Perp DEX has been quietly waging war on traditional exchanges.
Is the Market Slump Still Making Millions a Day? Is pump.fun's Revenue Real?
Understanding x402 and MPP in One Article: The Two Paths of Agent Payments
Quick Look at the Latest 18 Graduation Projects from Alliance: Who's the Next Pump.fun?
It's not just the prediction market that profits from the Iraq War
Who is the true winner of the "Tokenization" narrative?
Moss: The Era of AI-Traded by Anyone | Project Introduction
Chip Smuggling Case Exposes Regulatory Loophole | Rewire News Evening Update
How a Structured AI Crypto Trading Bot Won at the WEEX Hackathon
Ritmex demonstrates how disciplined risk control and structured signals can make an AI crypto trading bot more stable and reliable on WEEX, highlighting the importance of combining execution discipline with scalable AI trading systems.
App