


Perceptive Security
SOC/SIEM Consultancy

OpenShell before 2026.3.28 contains an arbitrary code execution vulnerability in mirror mode that converts untrusted sandbox files into workspace hooks. Attacke…
Published:
22 April 2026 at 22:00:00
Alert date:
23 April 2026 at 23:04:51
Source:
nvd.nist.gov
Operating Systems, Security Tools
OpenShell versions before 2026.3.28 contain an arbitrary code execution vulnerability in mirror mode functionality. The vulnerability allows attackers with mirror mode access to convert untrusted sandbox files into workspace hooks. This enables execution of arbitrary code on the host system during gateway startup. The vulnerability is exploited through enabled workspace hooks and affects the file conversion process in mirror mode. Successful exploitation requires mirror mode access but can lead to complete system compromise.
Technical details
Mitigation steps:
Affected products:
OpenShell
Related links:
https://nvd.nist.gov/vuln/detail/CVE-2026-41355
https://github.com/openclaw/openclaw/commit/c02ee8a3a4cb390b23afdf21317aa8b2096854d1
https://github.com/openclaw/openclaw/security/advisories/GHSA-42mx-vp8m-j7qh
https://www.vulncheck.com/advisories/openshell-arbitrary-code-execution-via-mirror-mode-sandbox-file-conversion
Related CVEs:
Related threat actors:
IOCs:
This article was created with the assistance of AI technology by Perceptive.
