๐Ÿ” CVE Alert

CVE-2026-15193

MEDIUM 5.3

AidanPark openclaw-android Android WebView Bridge JsBridge.kt os command injection

CVSS Score
5.3
EPSS Score
0.0%
EPSS Percentile
0th

A vulnerability was determined in AidanPark openclaw-android up to 0.4.0. The affected element is an unknown function of the file android/app/src/main/java/com/openclaw/android/JsBridge.kt of the component Android WebView Bridge. This manipulation causes os command injection. The attack can only be executed locally. The exploit has been publicly disclosed and may be utilized. The pull request to fix this issue awaits acceptance.

CWE CWE-78 CWE-77
Vendor aidanpark
Product openclaw-android
Published Jul 9, 2026
Last Updated Jul 9, 2026
Stay Ahead of the Next One

Get instant alerts for aidanpark openclaw-android

Be the first to know when new medium vulnerabilities affecting aidanpark openclaw-android are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability

Affected Versions

AidanPark / openclaw-android
0.1 0.2 0.3 0.4.0

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
vuldb.com: https://vuldb.com/vuln/377120 vuldb.com: https://vuldb.com/vuln/377120/cti vuldb.com: https://vuldb.com/cve/CVE-2026-15193 vuldb.com: https://vuldb.com/submit/851623 github.com: https://github.com/AidanPark/openclaw-android/issues/136 github.com: https://github.com/AidanPark/openclaw-android/pull/137 github.com: https://github.com/AidanPark/openclaw-android/

Credits

๐Ÿ” Dem00000 (VulDB User) VulDB CNA Team