CVE-2026-9565 | haojing8312 WorkClaw up to 0.6.4 Blacklist bash.rs is_dangerous os command injection

A vulnerability, which was classified as critical, was found in haojing8312 WorkClaw up to 0.6.4. This affects the function is_dangerous of the file apps/runtime/src-tauri/src/agent/tools/bash.rs of the component Blacklist Handler. Executing a manipulation can lead to os command injection.

This vulnerability is handled as CVE-2026-9565. The attack can be executed remotely. Additionally, an exploit exists.

The project was informed of the problem early through an issue report but has not responded yet.VulDB Recent EntriesRead More