CVE-2026-15193
AidanPark openclaw-android Android WebView Bridge JsBridge.kt os command injection
CVSS Score
5.3
EPSS Score
0.0%
EPSS Percentile
0th
A vulnerability was determined in AidanPark openclaw-android up to 0.4.0. The affected element is an unknown function of the file android/app/src/main/java/com/openclaw/android/JsBridge.kt of the component Android WebView Bridge. This manipulation causes os command injection. The attack can only be executed locally. The exploit has been publicly disclosed and may be utilized. The pull request to fix this issue awaits acceptance.
| CWE | CWE-78 CWE-77 |
| Vendor | aidanpark |
| Product | openclaw-android |
| Published | Jul 9, 2026 |
| Last Updated | Jul 9, 2026 |
Stay Ahead of the Next One
Get instant alerts for aidanpark openclaw-android
Be the first to know when new medium vulnerabilities affecting aidanpark openclaw-android are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Affected Versions
AidanPark / openclaw-android
0.1 0.2 0.3 0.4.0
References
vuldb.com: https://vuldb.com/vuln/377120 vuldb.com: https://vuldb.com/vuln/377120/cti vuldb.com: https://vuldb.com/cve/CVE-2026-15193 vuldb.com: https://vuldb.com/submit/851623 github.com: https://github.com/AidanPark/openclaw-android/issues/136 github.com: https://github.com/AidanPark/openclaw-android/pull/137 github.com: https://github.com/AidanPark/openclaw-android/
Credits
๐ Dem00000 (VulDB User) VulDB CNA Team