CVE-2026-15193
A vulnerability was determined in AidanPark openclaw-android up to 0.4.0. The affected element is an unknown function of the file android/ap
CVSS
5.3
Medium
EPSS
0.7%
p48
KEV
—
Exploit Today
15
0-100
Published: Jul 9, 2026 · Last modified: Jul 9, 2026 · CWE-77 · CWE-78
0.7%EPSS · 30 days0.7%
2026-07-102026-07-17
A vulnerability was determined in AidanPark openclaw-android up to 0.4.0. The affected element is an unknown function of the file android/app/src/main/java/com/openclaw/android/JsBridge.kt of the component Android WebView Bridge. This manipulation causes os command injection. The attack can only be executed locally. The exploit has been publicly disclosed and may be utilized. The pull request to fix this issue awaits acceptance.
- github.comhttps://github.com/AidanPark/openclaw-android/
- github.comhttps://github.com/AidanPark/openclaw-android/issues/136
- github.comhttps://github.com/AidanPark/openclaw-android/pull/137
- vuldb.comhttps://vuldb.com/cve/CVE-2026-15193
- vuldb.comhttps://vuldb.com/submit/851623
- vuldb.comhttps://vuldb.com/vuln/377120
- vuldb.comhttps://vuldb.com/vuln/377120/cti
CVECVSSEPSSKEVRExploitTitleMod.
CVE-2026-341978.8 HIG99.9%
KEV—80Apache ActiveMQ Improper Input Validation Vulnerability3dCVE-2024-121210.0 CRI99.9%
KEV—80Progress Kemp LoadMaster OS Command Injection Vulnerability4dCVE-2026-398089.8 CRI99.7%
KEV—80Fortinet FortiSandbox OS Command Injection Vulnerability16hCVE-2022-262589.8 CRI99.6%
KEV—80D-Link DIR-820L Remote Code Execution Vulnerability8dCVE-2026-422718.8 HIG99.6%
KEV—80BerriAI LiteLLM Command Injection Vulnerability3dCVE-2021-252988.8 HIG99.5%
KEV—80Nagios XI OS Command Injection8d