Search criteria
1 vulnerability by haojing8312
CVE-2026-9565 (GCVE-0-2026-9565)
Vulnerability from cvelistv5 – Published: 2026-05-26 16:45 – Updated: 2026-05-28 14:00
VLAI
Title
haojing8312 WorkClaw Blacklist bash.rs is_dangerous os command injection
Summary
A vulnerability was determined in haojing8312 WorkClaw up to 0.6.4. This affects the function is_dangerous of the file apps/runtime/src-tauri/src/agent/tools/bash.rs of the component Blacklist Handler. Executing a manipulation can lead to os command injection. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized. The project was informed of the problem early through an issue report but has not responded yet.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/365627 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/365627/cti | signaturepermissions-required |
| https://vuldb.com/submit/815713 | third-party-advisory |
| https://github.com/haojing8312/WorkClaw/issues/4 | exploitissue-tracking |
| https://github.com/haojing8312/WorkClaw/ | product |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| haojing8312 | WorkClaw |
Affected:
0.6.0
Affected: 0.6.1 Affected: 0.6.2 Affected: 0.6.3 Affected: 0.6.4 cpe:2.3:a:haojing8312:workclaw:*:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-9565",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-28T14:00:23.360468Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-28T14:00:38.706Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:haojing8312:workclaw:*:*:*:*:*:*:*:*"
],
"modules": [
"Blacklist Handler"
],
"product": "WorkClaw",
"vendor": "haojing8312",
"versions": [
{
"status": "affected",
"version": "0.6.0"
},
{
"status": "affected",
"version": "0.6.1"
},
{
"status": "affected",
"version": "0.6.2"
},
{
"status": "affected",
"version": "0.6.3"
},
{
"status": "affected",
"version": "0.6.4"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "ybdesire (VulDB User)"
},
{
"lang": "en",
"type": "coordinator",
"value": "VulDB CNA Team"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was determined in haojing8312 WorkClaw up to 0.6.4. This affects the function is_dangerous of the file apps/runtime/src-tauri/src/agent/tools/bash.rs of the component Blacklist Handler. Executing a manipulation can lead to os command injection. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized. The project was informed of the problem early through an issue report but has not responded yet."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "OS Command Injection",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "Command Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-26T16:45:10.781Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-365627 | haojing8312 WorkClaw Blacklist bash.rs is_dangerous os command injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/365627"
},
{
"name": "VDB-365627 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/365627/cti"
},
{
"name": "Submit #815713 | haojing8312 WorkClaw v0.1.0 - v0.6.3 Incomplete Blacklist",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/815713"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/haojing8312/WorkClaw/issues/4"
},
{
"tags": [
"product"
],
"url": "https://github.com/haojing8312/WorkClaw/"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-05-26T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-05-26T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-05-26T12:44:11.000Z",
"value": "VulDB entry last update"
}
],
"title": "haojing8312 WorkClaw Blacklist bash.rs is_dangerous os command injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-9565",
"datePublished": "2026-05-26T16:45:10.781Z",
"dateReserved": "2026-05-26T10:39:05.981Z",
"dateUpdated": "2026-05-28T14:00:38.706Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}