CVE-2026-15193 | AidanPark openclaw-android up to 0.4.0 Android WebView Bridge JsBridge.kt os command injection (Issue 136)
A vulnerability, which was classified as critical, has been found in AidanPark openclaw-android up to 0.4.0. The affected element is an unknown function of the file android/app/src/main/java/com/openclaw/android/JsBridge.kt of the component Android WebView Bridge. This manipulation causes os command injection.
The identification of this vulnerability is CVE-2026-15193. The attack can only be executed locally. Furthermore, there is an exploit available.
The pull request to fix this issue awaits acceptance.VulDB Recent EntriesRead More