Buy Crypto Markets Spot FuturesGOLD Earn Event Center

PANews reported on March 16 that a joint team from CAICT, Shanghai Jiao Tong University, and Nanjing University discovered a high-risk LLM-driven command injectionPANews reported on March 16 that a joint team from CAICT, Shanghai Jiao Tong University, and Nanjing University discovered a high-risk LLM-driven command injection

The China Academy of Information and Communications Technology (CAICT), in collaboration with universities, discovered and patched a high-risk command injection vulnerability in OpenClaw.

Author: PANews

Source: PANews

2026/03/16 19:00

1 min read

For feedback or concerns regarding this content, please contact us at crypto.news@mexc.com

PANews reported on March 16 that a joint team from CAICT, Shanghai Jiao Tong University, and Nanjing University discovered a high-risk LLM-driven command injection vulnerability in the bash-tools module of the open-source autonomous intelligent agent framework OpenClaw during a security audit. This vulnerability stems from the system's failure to strictly escape command-line arguments generated by LLM. Attackers can bypass regular expression defenses through deceptive prompts, achieving remote code execution and stealing sensitive data on the host machine. The research team has completed attack verification in various mainstream model environments, initiated a responsible vulnerability disclosure process, and submitted remediation suggestions to the NVDB AI Product Security Vulnerability Database (CAIVD) and the GitHub community.

Don't Miss $200,000 U-Fest

Get mystery boxes, 12% APR & $200 new user gifts!

Disclaimer: The articles reposted on this site are sourced from public platforms and are provided for informational purposes only. They do not necessarily reflect the views of MEXC. All rights remain with the original authors. If you believe any content infringes on third-party rights, please contact crypto.news@mexc.com for removal. MEXC makes no guarantees regarding the accuracy, completeness, or timeliness of the content and is not responsible for any actions taken based on the information provided. The content does not constitute financial, legal, or other professional advice, nor should it be considered a recommendation or endorsement by MEXC.