LOW
haojing8312
CVE published 2026-05-26
CVE-2026-9565
A command injection vulnerability exists in WorkClaw, a Tauri-based application, affecting versions up to 0.6.4. The flaw resides in the `is_dangerous` function within `apps/runtime/src-tauri/src/agent/tools/bash.rs`, where insufficient input validation in the blacklist handler permits OS command injection. The vulnerability is remotely exploitable and has been publicly disclosed. The project maintainer w [truncated]