CWE-15
External Control of System or Configuration Setting
Description
One or more system settings or configuration elements can be externally controlled by a user.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-13 · CAPEC-146 · CAPEC-176 · CAPEC-203 · CAPEC-270 · CAPEC-271 · CAPEC-579 · CAPEC-69 · CAPEC-76 · CAPEC-77
CVEs mapped to this weakness (44)
Page 2 of 3

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-35650 | | High | 0.42 | 7.5 | 0.00 | | Apr 10, 2026 | OpenClaw before 2026.3.22 contains an environment variable override handling vulnerability that allows attackers to bypass the shared host environment policy through inconsistent sanitization paths. Attackers can supply blocked or malformed override keys that slip through… |
| CVE-2026-22750 | | High | 0.42 | 7.5 | 0.00 | | Apr 10, 2026 | When configuring SSL bundles in Spring Cloud Gateway by using the configuration property spring.ssl.bundle, the configuration was silently ignored and the default SSL configuration was used instead. Note: The 4.2.x branch is no longer under open source support. If you are… |
| CVE-2026-43531 | | High | 0.40 | 7.3 | 0.00 | | May 5, 2026 | OpenClaw before 2026.4.9 contains an environment variable injection vulnerability allowing malicious workspace .env files to set runtime-control variables. Attackers can inject variables affecting update sources, gateway URLs, ClawHub resolution, and browser executable paths to… |
| CVE-2025-27253 | | Med | 0.40 | 6.1 | 0.00 | | Mar 10, 2025 | A CWE-15 "External Control of System or Configuration Setting" in GE Vernova UR IED family devices from version 7.0 up to 8.60 allows an attacker to provide input that establishes a TCP connection through a port forwarding. The lack of the IP address and port validation may… |
| CVE-2026-30817 | | Med | 0.37 | 5.7 | 0.00 | | Apr 8, 2026 | An external configuration control vulnerability in the OpenVPN module of TP-Link AX53 v1.0 allows an authenticated adjacent attacker to read arbitrary files when a malicious configuration file is processed. Successful exploitation may allow unauthorized access to arbitrary… |
| CVE-2026-30816 | | Med | 0.37 | 5.7 | 0.00 | | Apr 8, 2026 | An external control of configuration vulnerability in the OpenVPN module of TP-Link AX53 v1.0 allows an authenticated adjacent attacker to read arbitrary files when a malicious configuration file is processed. Successful exploitation may allow unauthorized access to arbitrary… |
| CVE-2026-22177 | | Med | 0.33 | 6.1 | 0.00 | | Mar 18, 2026 | OpenClaw versions prior to 2026.2.21 fail to filter dangerous process-control environment variables from config env.vars, allowing startup-time code execution. Attackers can inject variables like NODE_OPTIONS or LD_* through configuration to execute arbitrary code in the… |
| CVE-2026-0495 | | Med | 0.33 | 5.1 | 0.00 | | Jan 13, 2026 | SAP Fiori App Intercompany Balance Reconciliation allows an attacker with high privileges to send uploaded files to arbitrary emails, which could enable effective phishing campaigns. This has low impact on confidentiality, integrity and availability of the application. |
| CVE-2026-0418 | | Med | 0.28 | — | 0.00 | | Jun 9, 2026 | Insufficient configuration management in the listed devices allows authenticated administrators connected to the local network to tamper with the system. |
| CVE-2025-13091 | | Med | 0.28 | 4.3 | 0.00 | | Feb 19, 2026 | The Shopire theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the shopire_admin_install_plugin() function in all versions up to, and including, 1.0.57. This makes it possible for authenticated attackers, with… |
| CVE-2026-44992 | | Med | 0.26 | 5.0 | 0.00 | | May 11, 2026 | OpenClaw versions 2026.4.5 before 2026.4.20 contain an environment variable injection vulnerability allowing workspace dotenv to override MINIMAX_API_HOST. Attackers can redirect credentialed MiniMax API requests to attacker-controlled origins, exposing the MiniMax API key in… |
| CVE-2026-0232 | | Med | 0.26 | — | 0.00 | | Apr 13, 2026 | A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows allows a local Windows administrator to disable the agent. This issue may be leveraged by malware to perform malicious activity without detection. |
| CVE-2026-21422 | | Low | 0.22 | 3.4 | 0.00 | | Mar 4, 2026 | Dell PowerScale OneFS, versions 9.10.0.0 through 9.13.1.0, contains an external control of system or configuration setting vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to protection mechanism bypass. |
| CVE-2024-21583 | | Med | 0.20 | 4.1 | 0.01 | | Jul 19, 2024 | Versions of the package github.com/gitpod-io/gitpod/components/server/go/pkg/lib before main-gha.27122; versions of the package github.com/gitpod-io/gitpod/components/ws-proxy/pkg/proxy before main-gha.27122; versions of the package github.com/gitpod-io/gitpod/install/installer/p… |
| CVE-2025-8283 | | Low | 0.17 | 3.7 | 0.00 | | Jul 28, 2025 | A vulnerability was found in the netavark package, a network stack for containers used with Podman. Due to the dns.podman search domain being removed, netavark may return external servers if a valid A/AAAA record is sent as a response. When creating a container with a given name,… |
| CVE-2026-32058 | | | 0.00 | — | 0.00 | | Mar 21, 2026 | OpenClaw versions prior to 2026.2.26 contain an approval context-binding weakness in system.run execution flows with host=node that allows reuse of previously approved requests with modified environment variables. Attackers with access to an approval id can exploit this by… |
| CVE-2026-32056 | | | 0.00 | — | 0.01 | | Mar 21, 2026 | OpenClaw versions prior to 2026.2.22 fail to sanitize shell startup environment variables HOME and ZDOTDIR in the system.run function, allowing attackers to bypass command allowlist protections. Remote attackers can inject malicious startup files such as .bash_profile or .zshenv… |
| CVE-2026-32003 | | | 0.00 | — | 0.01 | | Mar 19, 2026 | OpenClaw versions prior to 2026.2.22 contain an environment variable injection vulnerability in the system.run function that allows attackers to bypass command allowlist restrictions via SHELLOPTS and PS4 environment variables. An attacker who can invoke system.run with… |
| CVE-2026-22169 | | | 0.00 | — | 0.00 | | Mar 18, 2026 | OpenClaw versions prior to 2026.2.22 contain an allowlist bypass vulnerability in the safeBins configuration that allows attackers to invoke external helpers through the compress-program option. When sort is explicitly added to tools.exec.safeBins, remote attackers can bypass… |
| CVE-2026-4039 | | | 0.00 | — | 0.00 | | Mar 12, 2026 | A vulnerability was determined in OpenClaw 2026.2.19-2. This vulnerability affects the function applySkillConfigenvOverrides of the component Skill Env Handler. Executing a manipulation can lead to code injection. It is possible to launch the attack remotely. Upgrading to… |