
The China Academy of Information and Communications Technology collaborates with universities to discover and fix a high-risk command injection vulnerability in OpenClaw

2026-03-16 19:02:01

During a security audit, the China Academy of Information and Communications Technology, in collaboration with Shanghai Jiao Tong University and Nanjing University, discovered a high-risk, LLM-driven command injection vulnerability in the bash-tools module of OpenClaw, an open-source autonomous intelligent agent framework.

The vulnerability arises because the system does not strictly escape command-line parameters generated by the LLM. This allows attackers to use inducing prompts to bypass the regex defenses, achieve remote code execution on the host machine, and steal sensitive data.

The research team has completed attack verification in various mainstream model environments, initiated a responsible vulnerability disclosure process, and submitted repair suggestions to the NVDB Artificial Intelligence Product Security Vulnerability Professional Database (CAIVD) and the GitHub community.
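
An added illustration of the failure class described above, not OpenClaw's code or the researchers' proof of concept: a regex denylist in front of a shell string, compared with passing the model's output as a single argv element. The regex, function names and sample argument are assumptions constructed for this example.

```python
import re
import shlex
import subprocess

# Hypothetical denylist of the kind the article says was bypassed
# (an assumption for this example, not OpenClaw's actual regex).
DENYLIST = re.compile(r"[;&|]|\brm\b")

# Constructed sample of a model-produced argument; the marker is a harmless echo.
LLM_ARG = "report.txt $(echo INJECTED)"


def _run(cmd, shell: bool) -> str:
    """Run a command and return its stdout without the trailing newline."""
    out = subprocess.run(cmd, shell=shell, capture_output=True, text=True, check=True)
    return out.stdout.strip()


def run_denylist_shell(arg: str) -> str:
    """Weak pattern: regex filter, then interpolation into a shell string."""
    if DENYLIST.search(arg):
        raise ValueError("blocked by denylist")
    # The shell still parses the argument, so any syntax the regex missed is live.
    return _run(f"echo {arg}", shell=True)


def run_argv(arg: str) -> str:
    """Hardened: no shell; the argument is one argv element, never parsed as syntax."""
    return _run(["echo", arg], shell=False)


def run_quoted_shell(arg: str) -> str:
    """Fallback when a shell string is unavoidable: quote every model-supplied value."""
    return _run(f"echo {shlex.quote(arg)}", shell=True)


if __name__ == "__main__":
    print("denylist + shell:", run_denylist_shell(LLM_ARG))
    print("argv, no shell  :", run_argv(LLM_ARG))
    print("shlex.quote     :", run_quoted_shell(LLM_ARG))
```

The denylist passes the sample argument because it only looks for the separators it was written for, while the argv and quoted variants print it back unchanged.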
